Give one user access to see and execute one SSIS package as a SQL Agent Job, but none of the rest. Although the package exports data from one database on Server A to a new database on Server B, this does not count as a multi-server job in SQL terms. I've assumed that the package itself has been created and works as a SQL Agent Job under a sysadmin login, but I don't want to give this guy sysadmin access. He's a developer.
- Create the credential, based on an existing login, on Server B. If you use a Windows login, it will want the correct password for that login, so don't get clever and make one up (can you spot the mistake I made?).
- Make sure that the credential's login has the correct access on Server B
- Create the proxy, point it at the credential.
- Add principals to the Proxy i.e. the accounts that you want to have the rights of the proxy when executing the SQL Agent Job.
- Create the job, and make the user's Login the owner of the job.
- Give the user's Login the following rights in MSDB: db_ssisoperator and SQLAgentUserRole
- Test.
I found it very helpful to test this process out using my non-sysadmin Windows account: it meant I could test out the process while being able to see all error messages on my own machine.
Doubtless, there are better explanations of how to do this out there: and I am not sure what I would do if I needed to allow multiple users to execute the same package under such constraints. I am sure someone will let me know...
No comments:
Post a Comment