SQLServerCentral Article

Locking Down DTS

,

By default, anyone with an account on your SQL Server can create a package and save it to your SQL Server. This doesn't present a problem if people are saving packages as .DTS files, but when people save them onto the SQL Server or Repository, your MSDB database can grow out of control. This quick tip shows you how to prevent people from seeing packages on your server and creating new ones.

Any user with default security can save and view packages in SQL Server, unless of course they're trying to save a package that has an owner password. Although you can trace which users are creating packages, it may be easier just to tighten the security bolts slightly and only allow certain users to create packages. If you don't want your users to be able to see the packages installed on your server, simply deny them access to sp_enum_dtspackages stored procedure. Users will not see an error if they try to see a package in Enterprise Manager, but the list will simply be empty now.

A huge problem I had was with developers saving tons of packages on the production SQL Server. You can lock down who can create packages in Enterprise Manager by denying access to the sp_add_dtspackage stored procedure in the MSDB database. If a user is especially creative, they could get around that stored procedure by using the DTS object model, but that will lock down 99% of possible problems.

Rate

Share

Share

Rate