August 28, 2013 at 9:52 am
SQL2008
I have users that will need to
1) run jobs
2) modify and execute SSIS packages
Is there a built-in roles / permissions for that?
I have considered deploying SSIS packages to file system level and allowing users access to that folder (to enable them to modify and execute SSIS packages). Is there any downside / security concerns with this route?
August 28, 2013 at 1:49 pm
If you allow access to the file system, realize that the SSIS packages will execute from wherever the dtexec command is given. So if it's given from the user's workstation, that's where it runs. When you use SQL Server Agent jobs, it's running from wherever the SQL Server Agent is running. That's the biggest hump to get over is to understand where the execution is.
For SSIS related roles in msdb, here's an explanation of what each does (from Books Online):
Integration Services Roles (SSIS Service)
K. Brian Kelley
@kbriankelley
August 28, 2013 at 7:43 pm
If you allow access to the file system, realize that the SSIS packages will execute from wherever the dtexec command is given. So if it's given from the user's workstation, that's where it runs.
Do you mean if the SSIS package is deployed to a server directory. And the user connects using a UNC path \\servername\foldername; when the user executes the package, is it still running from the user's workstation?
If there's a ftp task on the SSIS package, for example, FTP to say, D drive - does this mean it'll ftp the file to the user's workstation's D drive and not the server's D drive?
August 29, 2013 at 11:12 am
Exactly.
K. Brian Kelley
@kbriankelley
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply