Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Executing a SSIS package as different user from SSISDB

Tags:

sql-server

proxy

execution

ssis

We had a requirement that a SSIS package should be executed by the user using a Proxy Account and referencing an input parameter.

The following demonstrates the syntax used to invoke the package execution... 

DECLARE @ExportID INT = 1;
DECLARE @ExecutionID INT;

EXECUTE AS [proxy_account]  

EXEC [SSISDB].[catalog].[create_execution]
    @folder_name = 'DW',  
    @project_name = 'DW_ETL',  
    @reference_id = NULL,  
    @use32bitruntime = 1,  
    @execution_id = @ExecutionID OUTPUT;

EXEC [SSISDB].[catalog].[set_execution_parameter_value]  
    @execution_id = @ExecutionID,  
    @object_type = 30,  
    @parameter_name = 'ExportID',  
    @parameter_value = @ExportID;

EXEC [SSISDB].[catalog].[start_execution]  
    @execution_id = @ExecutionID;

REVERT

This resulted in the following error message:

The current security context cannot be reverted. Please switch to the original database where 'Execute As' was called and try it again.

Having traced the code through, the following code was found within the SSISDB.catalog.start_execution and SSISDB.internal.prepare_execution stored procedures

EXECUTE AS CALLER
...  
REVERT

This resulted in the statement failing as it was overriding the proxy account that was being attempted to be specified. By commenting out the REVERT statement in SSISDB.catalog.start_execution and SSISDB.internal.prepare_execution, the code ran through successfully executing as the Proxy account.

I'm not keen on the idea of bypassing code that a developer has put in for a reason, but I need a means to execute the statement through a stored procedure as the proxy account, and this method works. Can anyone advise if there would be any consequence to using an alternative version of the SSISDB.catalog.start_execution and SSISDB.internal.prepare_execution stored procedures that does not reference REVERT?

Thanks,

Ian

like image 300
Ian Mitchell Avatar asked Oct 17 '22 14:10

Ian Mitchell

1 Answers

To achieve executing an SSIS package as a different user from SSISDB you need to utilize some functionality from the SQL Server Agent.

You need to create a credential that has db_datareader access to SSIS db. You need to setup a Proxy that has rights to Execute Integration Services Packages.

Finally, once you have those pre-requisites setup you can create a SQL Server Agent job that runs your SSIS package from the Integration Services Catalog as whatever proxy account you setup.

Here is an article that gives a more detail approach on how to setup what I was describing above: https://www.mssqltips.com/sqlservertip/2163/running-a-ssis-package-from-sql-server-agent-using-a-proxy-account/

like image 196
vvvv4d Avatar answered Oct 27 '22 10:10

vvvv4d
Sign in to Comment

Related questions

using EXCEPT or INTERSECT to only show mismatched rows
Prevent Non-SELECT SQL Statements
Alphanumeric Sorting in Sql Server 2008
Determine last updated row in a group when using multiple joins
How to get second highest Salary of Account Department?
Server out-of-memory issue when using RJDBC in paralel computing environment
Insert Into From Select Performance SQL Server
Measure application performance by aggregating SQL audit records
SSIS Script Task- Connecting the ADO.NET and populating DataTable
C# Query Select first since value changed
ORDER BY in SQL Server vs Postgresql
Alternative to .ToList() to return HUGE quantity of data?
SQL Server - Create temp table if doesn't exist
GMT to EST Time zone conversion SSIS/SQL Server
SQL Server 2016 LocalDb connection issue
Sum rows on basis of current and next row
How exactly can i troubleshoot MEMORY_ALLOCATION_EXT waits?
RODBC odbcDriverConnect() Connection Error
Login failed for user 'IIS APPPOOL\myAppPool
Table valued parameter in a stored procedure gets execute permissions denied error

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!