Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SSIS Package Credentials


SSIS Package Credentials

Author
Message
thierry.vandurme
thierry.vandurme
SSC Eights!
SSC Eights! (838 reputation)SSC Eights! (838 reputation)SSC Eights! (838 reputation)SSC Eights! (838 reputation)SSC Eights! (838 reputation)SSC Eights! (838 reputation)SSC Eights! (838 reputation)SSC Eights! (838 reputation)

Group: General Forum Members
Points: 838 Visits: 513
I'm missing some things here (principal, job owner, ...). I doubt this (and the link to the summary on codeproject) is the recommended way if you want it to be "totally" secure (if that's ever possible).

The articles grant sysadmin and all MSDB roles. What for? This is way too much (in most cases). Plus, you are assigning all 3 msdb roles. You don't want this login to see ALL jobs, right? They should only see their own jobs. Check BOL and see that these roles follow a hierarchy (the most privileged one includes the permission from the other two). It's like people assigning a login the sysadmin server role AND the securityadmin role. The first one already includes all privileges...

You should be assigning a principal (needs only the public server role) access to the proxy, run the job step under the proxy, set the job owner to the SQL login, grant only the SQLAgentUserRole msdb role to the SQL login, set appropriate permissions on the dtsx file and folder it resides in, ...

We did it like this and it works fine. It needs a lot of work and maintenance though.
m--S3qU3L
m--S3qU3L
SSC Veteran
SSC Veteran (292 reputation)SSC Veteran (292 reputation)SSC Veteran (292 reputation)SSC Veteran (292 reputation)SSC Veteran (292 reputation)SSC Veteran (292 reputation)SSC Veteran (292 reputation)SSC Veteran (292 reputation)

Group: General Forum Members
Points: 292 Visits: 714
Hi,

I have a doubt regarding the final article ('How to Schedule and Run a SSIS Package job') mentioned in this article.

Why do we need to give sysadmin server role to the 'executor login' as the whole concept of proxy account is for executing job for under priviledged logins.

Please could any one clarify?

Thanks in advance

John
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search