Results 1 to 10 of 10

Thread: Server roles and DTS packages

  1. 11-01-2004, 03:54 PM #1
    John Shahan
    John Shahan is offline Registered User
    Join Date
    Oct 2002
    Posts
    34

    Server roles and DTS packages

    Short of system administrator, does anyone know what server role a login must be assigned to in order to execute DTS package in Query Analyzer?
    Reply With Quote Reply With Quote
  2. 11-01-2004, 04:32 PM #2
    rmiao
    rmiao is offline Registered User
    Join Date
    Sep 2002
    Posts
    5,938
    You have to use xp_cmdshell to call dtsrun, anyone has exec permission on xp_cmdshell can do that.
    Reply With Quote Reply With Quote
  3. 11-01-2004, 04:52 PM #3
    John Shahan
    John Shahan is offline Registered User
    Join Date
    Oct 2002
    Posts
    34
    My stored procedure was running sp_OACreate which is an extended stored procedure which requires sysadmin priviledges.

    I wish I understood why those are nailed down so tight.
    Reply With Quote Reply With Quote
  4. 11-01-2004, 04:53 PM #4
    Rawhide's Avatar
    Rawhide
    Rawhide is offline Registered User
    Join Date
    Feb 2003
    Posts
    1,048
    In SQL 2000, xp_cmdshell execute rights are granted only to members of the sysadmin server role. So unless someone grants you rights to it, you have to be a member of the sysadmin role.
    Reply With Quote Reply With Quote
  5. 11-01-2004, 04:54 PM #5
    Rawhide's Avatar
    Rawhide
    Rawhide is offline Registered User
    Join Date
    Feb 2003
    Posts
    1,048
    Originally posted by John Shahan
    I wish I understood why those are nailed down so tight.
    For security. So that general users can't create or execute malicous or dangerous code or programs on the server.
    Reply With Quote Reply With Quote
  6. 11-01-2004, 05:13 PM #6
    John Shahan
    John Shahan is offline Registered User
    Join Date
    Oct 2002
    Posts
    34
    So what do you do if you want a regular user to be able to execute a stored procedure that calls one of these?
    Reply With Quote Reply With Quote
  7. 11-01-2004, 05:20 PM #7
    Rawhide's Avatar
    Rawhide
    Rawhide is offline Registered User
    Join Date
    Feb 2003
    Posts
    1,048
    In general, I don't let regular users execute these.

    However, if they have a recurring task that can be and needs to be run on a regular schedule then I will set up a SQL Server job to run under the sa account. These instances are approved on a case by case basis.

    Another option is to provide a SQL Server login for the application/website to use for the execution of this.
    Reply With Quote Reply With Quote
  8. 11-02-2004, 08:39 AM #8
    John Shahan
    John Shahan is offline Registered User
    Join Date
    Oct 2002
    Posts
    34
    While I'm not really pleased with the available options, I need to say that I am very grateful for the benefit of your experience and willingness to share it.

    I thank you.
    Reply With Quote Reply With Quote
  9. 11-02-2004, 10:57 AM #9
    rmiao
    rmiao is offline Registered User
    Join Date
    Sep 2002
    Posts
    5,938
    As said you can grant whatever permission to users with security risk.
    Reply With Quote Reply With Quote
  10. 11-02-2004, 01:13 PM #10
    Rawhide's Avatar
    Rawhide
    Rawhide is offline Registered User
    Join Date
    Feb 2003
    Posts
    1,048
    rmiao brings up a good point.

    In my company, all developes have sa permissions in the development environment. Our applications and websites use a SQL Server account that is granted extra permissions (though not sa) in production. So they can develop and test procedures that require sa permissions. In production, if their code requires permissions beyond the application role login, it has to be approved and scheduled by me to go into production.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules