July 12, 2022 at 8:21 am
I need a quick refresher on how the Proxy stuff hangs together.
I know I create a Credential mapped to an AD account which has permissions to any file system resource I need to access in my packages.
I know I then create a Proxy mapped to that Credential and grant the Proxy access to the sub systems required
I know I then use that Proxy as the "Run As" for the SQL Agent Job Step which calls the SSIS Package. This allows the SSIS package to access any non SQL resource that the credential has permission to access.
So my question, if my SSIS package uses Integrated Authentication, I assume any SQL Server Data Connections made in that package connect in the context of the Credential mapped to the proxy set in the job step? With that assumed, do I then need to create a SQL Login for the same AD account that the Credential uses, and then create DB Users mapped to that Login in each DB that the SSIS package touches and ensure that each user has the granular db permissions to any db object required by the SSIS package?
Is that correct?
July 12, 2022 at 9:54 am
yes - you need to create a login from credential (not login from windows) and then add that login to the required dbs as needed
July 12, 2022 at 9:44 pm
yes - you need to create a login from credential (not login from windows) and then add that login to the required dbs as needed
If accessing the same instance where the proxy account/credential were created. If accessing a remote SQL instance - then you do need to create a login from that AD account on that instance with appropriate database users and permissions for the SSIS package to run.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply