Sign in
 
HomeLibraryLearnDownloadsTroubleshootingCommunityForums
SQL Server Developer Center >
How to allow non sysadmin accounts to run xp_cmdsheel and execute SSIS packages?

回答済み How to allow non sysadmin accounts to run xp_cmdsheel and execute SSIS packages?

  • Friday, February 22, 2013 4:10 PM
     
     
    Sign In to Vote
    0

    Hi,

    We have recently modified our security policy and only 1 DBA can have sysadmin rights on the machine and service and other windows accounts have only minimal rights required for the tasks. We are getting following 2 errors and they are related to user not having sysadmin rights:

    1. Error message executing SSIS package from job when both job owner and service account don't have admin rights "Non-SysAdmins have been denied permission to run DTS Execution job steps without a proxy account"
    2. ". The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys' "

    I was checking forums and solution mentioned as following for issue 1 and something similar for issue 2:

    • creating credentional
    • create proxy account
    • Associate Proxy with Subsystem
    • Grant Permissions to Use Proxy
    • Specify Proxy to Use for Job Step

    Now when creating credential I as assuming we need to specify the DBA windows username/password for identify/secret since that user only have access to resources, Is this correct assumtion and if yes then we are kind of giving this user almost same permission to execute other tasks and use proxy account as workaround and is there any other approach to fix this issue?

     

All Replies