SSIS 2012 project deployment permissions issue

Hi Everyone,

I am facing issue with the project deployment permissions. The requirement is to execute the package from SQL Server Agent with minimal permissions because of security constraints. SSIS and database are in different servers. The below are the steps we followed

1) Created a windows user account login and mapped it to both the servers
2) This login is the dbowner in the database server for the database we require
3) In the SSIS Server, created a login for the windows user and mapped it to the SQL Server Agent Job step that runs the package through a proxy account. We have mapped SQLServerAgentReaderRole and SQLServerAgentUserRole  in msdb database roles to the login.
4) We have mapped the user to SSISDB, database role - public
5) Given Read access to the project folder and Read/Execute to the project in Integration Services Catalog

We get the below error , when we try to execute the package using the login

Executed as user: ABCD\XXXXX. Microsoft (R) SQL Server Execute Package Utility  Version 11.0.5058.0 for 64-bit  Copyright (C) Microsoft Corporation. All rights reserved.    Started:  9:23:11 AM  Failed to execute IS server package because of error 0x80131904. Server: XXXXX, Package path: \SSISDB\XXXX\XXXX\Package.dtsx, Environment reference Id: NULL.  Description: The EXECUTE permission was denied on the object 'start_execution', database 'SSISDB', schema 'catalog'.  Source: .Net SqlClient Data Provider  Started:  9:23:11 AM  Finished: 9:23:12 AM  Elapsed:  1.062 seconds.  The package execution failed.  The step failed.


It works, if we set DBOwner database role for the login in SSISDB. But we cannot use DBOwner role.

Kindly let me know where we are going wrong.

Your help is highly appreciated.

Thanks,
VAPV
s vapvArchitectAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Arifhusen AnsariBusiness Intelligence Developer and AnalystCommented:
I think you have to grant Execute permission for that user on the  the project you have deployed.

Goto -> Integration Service Catalogs -> SSISDB -> Flolder -> Project - > select the desire deployed project.

Right click on it go to property. Add you login user and grant the permission on it.

Please refer the screenshot.
Let me know if you have question.

You can also refer the nice article to have more idea on this.

http://blogs.msdn.com/b/mattm/archive/2012/03/20/ssis-catalog-access-control-tips.aspx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
s vapvArchitectAuthor Commented:
Hi,

Thanks for your feedback.Sorry for the delayed response.

 We were able to resolve this issue by giving DBowner permissions to the users in SSISDB

Thanks,
VAPV
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server

From novice to tech pro — start learning today.