SSISDB Setup - Does anyone know why CLR needs to be enabled?

  • SSISDB Setup - Does anyone know why CLR needs to be enabled? Would this be any kind of security risk enabling CLR?

  • Hi tan110,

    We need to enable CLR because the integration services catalog uses CLR procedures. Integration services catalog has to be created on the server in order to be able to deploy SSIS packages to SQL Server.

    Best Regards,

  • For example:

    create function internal.get_execution_perf_counters

    (

    @execution_id bigint

    ,@execution_guid uniqueidentifier

    )

    returns table

    (

    execution_id bigint null

    ,counter_name nvarchar(128) null

    ,counter_value bigint null

    )

    with execute as caller

    as external name

    ISSERVER.[Microsoft.SqlServer.IntegrationServices.Server.ExecPerfCounterApi].GetExecPerfCounters;

    go

    The absence of evidence is not evidence of absence
    - Martin Rees
    The absence of consumable DDL, sample data and desired results is, however, evidence of the absence of my response
    - Phil Parkin

  • This is about the most overblown and ridiculous security claim in all of SQL Server, prohibiting the flagship ETL deployment model, the SSISDB, because some 3rd party application which also incorrectly flags SQL Server collation coefficients via 2000. CLR is not a security risk, it actually has enhancements to security in multiple regards.

    To be clear there is no security issue, SQLCLR code can’t do anything more in a database than an equivalent T-SQL code module running under the same security context. Ignorantly prohibiting CLR also prevents SSISDB deployment, which drastically improves security via less RDP accounts, FileSystem management and less rights needs, Backup inheritance inside the maintenance plans, Full Package Encryption via TDE, to say nothing of SSIS package deployments and maintenance via the environment section of the SSISDB and lack of many C# functions in SSIS which require CLR.

    Read this article http://www.codemag.com/article/0603031

    To enable CLR simply run

    sp_configure 'show advanced options', 1;

    GO

    RECONFIGURE;

    GO

    sp_configure 'clr enabled', 1;

    GO

    RECONFIGURE;

    GO

    SQLCLR code can’t do anything more in a database than an equivalent T-SQL code module running under the same security context.

  • Great Thanks for letting me know.

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply