June 14, 2019 at 2:50 pm
I have a sql sql server with SSIS. An agent job executes an ssis pacakge that copies files too and from directories.
I am now converting this to alwaysOn, so planning for permissions.
When the ssis package is run via agent job, which accounts require permissions to read and write to the file directories?
- The agent service account
-TheSQLserviceAccount
-TheSSISServiceAcount
June 14, 2019 at 2:58 pm
The Agent service account.
The absence of evidence is not evidence of absence.
Martin Rees
You can lead a horse to water, but a pencil must be lead.
Stan Laurel
June 15, 2019 at 3:30 pm
The security context is determine by the owner of the job - or the Run As for each step. You can setup a proxy to run specific types of job steps that only have the necessary permissions for that job type.
If the owner of the job is a sysadmin - the job runs in the context of the SQL Server service account. For non-sysadmin owners the job will run in that users context - unless the step is using a proxy account.
I would recommend that all SSIS packages be set to run with a proxy account - that way you can insure the correct permissions transfer across systems and is not reliant upon the service account on each instance.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
June 15, 2019 at 7:17 pm
Excellent, exactly what I need to know. Thanks for the help!
June 15, 2019 at 8:29 pm
. If the owner of the job is a sysadmin - the job runs in the context of the SQL Server service account.
I don't think that this is correct. SSIS packages execute under the SQL Agent service account details under these circumstances.
The absence of evidence is not evidence of absence.
Martin Rees
You can lead a horse to water, but a pencil must be lead.
Stan Laurel
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply