Service Account for SSIS package run from Agent Job on AlwaysOn

Question

Service Account for SSIS package run from Agent Job on AlwaysOn

winston Smith

SSCoach

Points: 19500
More actions
June 14, 2019 at 2:50 pm

#3653844

I have a sql sql server with SSIS. An agent job executes an ssis pacakge that copies files too and from directories.
I am now converting this to alwaysOn, so planning for permissions.

When the ssis package is run via agent job, which accounts require permissions to read and write to the file directories?
- The agent service account
-TheSQLserviceAccount
-TheSSISServiceAcount

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply

Phil Parkin SSC Guru Points: 246960 More actions · Answer 1

The Agent service account.

The absence of evidence is not evidence of absence
- Martin Rees
The absence of consumable DDL, sample data and desired results is, however, evidence of the absence of my response
- Phil Parkin

Jeffrey Williams SSC Guru Points: 90303 More actions · Answer 2

The security context is determine by the owner of the job - or the Run As for each step. You can setup a proxy to run specific types of job steps that only have the necessary permissions for that job type.

If the owner of the job is a sysadmin - the job runs in the context of the SQL Server service account. For non-sysadmin owners the job will run in that users context - unless the step is using a proxy account.

I would recommend that all SSIS packages be set to run with a proxy account - that way you can insure the correct permissions transfer across systems and is not reliant upon the service account on each instance.

This reply was modified 5 years, 5 months ago by Jeffrey Williams.

Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”

― Charles R. Swindoll

How to post questions to get better answers faster
Managing Transaction Logs

winston Smith SSCoach Points: 19500 More actions · Answer 3

Excellent, exactly what I need to know. Thanks for the help!

Phil Parkin SSC Guru Points: 246960 More actions · Answer 4

Jeffrey Williams wrote:

. If the owner of the job is a sysadmin - the job runs in the context of the SQL Server service account.

I don't think that this is correct. SSIS packages execute under the SQL Agent service account details under these circumstances.

The absence of evidence is not evidence of absence
- Martin Rees
The absence of consumable DDL, sample data and desired results is, however, evidence of the absence of my response
- Phil Parkin