0

I have a stored procedure that execute an ssis import package, that stored procedure is called by a service broker queue. I get the following error :

'The server principal "sa" is not able to access the database "SSISDB" under the current security context.'
  • In the queue definition the activation procedure is setted "EXECUTE AS SELF"
  • The SSISDB owner appeards to be by my usual login (ActiveDirectory login) (Apparently only windows logins, not database logins, can use SSIS ?)
  • Tried to modify the queue definition to "EXECUTE AS " apparently sa can't impersonate another account.

Should I (and how / would that be harmless) change the SSISDB database owner to sa (well... dbo I guess ?) Is there another way to allow sa to execute the ssis package ?

Vincent Chalmel
  • 590
  • 1
  • 6
  • 28
  • 2
    Big topic. Your issue is not with SSIS as such, but a generic cross-database security issue (assuming you're using `SSISDB.catalog.start_execution` to run the package). There's lots to say about that. [Here's more background info than you probably want or need](http://sommarskog.se/grantperm.html). The "simple" solutions here involve twiddling `TRUSTWORTHY` and cross-database ownership chaining, but those have potential security implications that should be reviewed. – Jeroen Mostert May 29 '17 at 12:12
  • I tried to follow the article but I get "Msg 15199 The current security context is non-revertible" When executing as my user which is allowed to execute ssis packages... – Vincent Chalmel May 30 '17 at 07:56

0 Answers0