SSIS 2012 project deployment permissions issue

s vapv
s vapv used Ask the Experts™
on
Hi Everyone,

I am facing issue with the project deployment permissions. The requirement is to execute the package from SQL Server Agent with minimal permissions because of security constraints. SSIS and database are in different servers. The below are the steps we followed

1) Created a windows user account login and mapped it to both the servers
2) This login is the dbowner in the database server for the database we require
3) In the SSIS Server, created a login for the windows user and mapped it to the SQL Server Agent Job step that runs the package through a proxy account. We have mapped SQLServerAgentReaderRole and SQLServerAgentUserRole  in msdb database roles to the login.
4) We have mapped the user to SSISDB, database role - public
5) Given Read access to the project folder and Read/Execute to the project in Integration Services Catalog

We get the below error , when we try to execute the package using the login

Executed as user: ABCD\XXXXX. Microsoft (R) SQL Server Execute Package Utility  Version 11.0.5058.0 for 64-bit  Copyright (C) Microsoft Corporation. All rights reserved.    Started:  9:23:11 AM  Failed to execute IS server package because of error 0x80131904. Server: XXXXX, Package path: \SSISDB\XXXX\XXXX\Package.dtsx, Environment reference Id: NULL.  Description: The EXECUTE permission was denied on the object 'start_execution', database 'SSISDB', schema 'catalog'.  Source: .Net SqlClient Data Provider  Started:  9:23:11 AM  Finished: 9:23:12 AM  Elapsed:  1.062 seconds.  The package execution failed.  The step failed.


It works, if we set DBOwner database role for the login in SSISDB. But we cannot use DBOwner role.

Kindly let me know where we are going wrong.

Your help is highly appreciated.

Thanks,
VAPV
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Business Intelligence Developer and Analyst
Top Expert 2015
Commented:
I think you have to grant Execute permission for that user on the  the project you have deployed.

Goto -> Integration Service Catalogs -> SSISDB -> Flolder -> Project - > select the desire deployed project.

Right click on it go to property. Add you login user and grant the permission on it.

Please refer the screenshot.
Let me know if you have question.

You can also refer the nice article to have more idea on this.

http://blogs.msdn.com/b/mattm/archive/2012/03/20/ssis-catalog-access-control-tips.aspx
s vapvArchitect
Commented:
Hi,

Thanks for your feedback.Sorry for the delayed response.

 We were able to resolve this issue by giving DBowner permissions to the users in SSISDB

Thanks,
VAPV

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial