I am facing issue with the project deployment permissions. The requirement is to execute the package from SQL Server Agent with minimal permissions because of security constraints. SSIS and database are in different servers. The below are the steps we followed
1) Created a windows user account login and mapped it to both the servers
2) This login is the dbowner in the database server for the database we require
3) In the SSIS Server, created a login for the windows user and mapped it to the SQL Server Agent Job step that runs the package through a proxy account. We have mapped SQLServerAgentReaderRole and SQLServerAgentUserRole in msdb database roles to the login.
4) We have mapped the user to SSISDB, database role - public
5) Given Read access to the project folder and Read/Execute to the project in Integration Services Catalog
We get the below error , when we try to execute the package using the login
Executed as user: ABCD\XXXXX. Microsoft (R) SQL Server Execute Package Utility Version 11.0.5058.0 for 64-bit Copyright (C) Microsoft Corporation. All rights reserved. Started: 9:23:11 AM Failed to execute IS server package because of error 0x80131904. Server: XXXXX, Package path: \SSISDB\XXXX\XXXX\Package.dtsx, Environment reference Id: NULL. Description: The EXECUTE permission was denied on the object 'start_execution', database 'SSISDB', schema 'catalog'. Source: .Net SqlClient Data Provider Started: 9:23:11 AM Finished: 9:23:12 AM Elapsed: 1.062 seconds. The package execution failed. The step failed.
It works, if we set DBOwner database role for the login in SSISDB. But we cannot use DBOwner role.
Kindly let me know where we are going wrong.
Your help is highly appreciated.