SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SSIS deployment security question


SSIS deployment security question

Author
Message
tiffanyjanetblack
tiffanyjanetblack
SSC Eights!
SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)SSC Eights! (973 reputation)

Group: General Forum Members
Points: 973 Visits: 357
I have searched for days, and i really need help.
We have some devs who I need to allow them ability to support production crises. This is an interim solution until we get them trained on testing, source control, deployment procedures, TFS and suchlike. Up until now it has been a prod-only development pattern. Changes are being made on the sly to "fix" items and then they break...same old story.

We'd like to write a stored proc that will temporarily grant them the equivalent of admin rights on an as-needed basis, with the understanding we will be tracking all changes, emailing entire team, and removing access after x hours. I can do this easily IF I knew which bloody rights to grant and DENY.

I want them to be able to:
remote to box (already can, and can get to SSIS as well)
get an ssis package from msdb, export it to a folder on the prod box, open it, run in debug, fix some crap, run it.
BUT NOT TO DEPLOY it back to msdb, where all packages live. We will do that ourselves as it comes up.
view sql agent jobs, steps, disable steps, rerun steps etc. no real restrictions there. yet.
query, alter,exec, create all other db objects (again, this is temporary)

It seems I need to grant admin or dtsoperator, but I cant figure out how to deny the deployment of a package to msdb.


Thoughts?
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum







































































































































































SQLServerCentral


Search