Re: DTS Security

From: Sue Hoegemeier (Sue_H@nomail.please)
Date: 08/21/02 

From: Sue Hoegemeier <Sue_H@nomail.please>
Date: Wed, 21 Aug 2002 06:29:21 -0600

A user can't log into the database without a login.
In your scenario the user was most likely able to execute
the package due to the guest account being enabled in msdb
and the public role having permissions on the dts related
stored procedures. In terms of the service, if this was a
trusted account, you should check your permissions on PC
where SQL Server is installed. Stopping and starting
services can be allowed through the operating system
rights/permissions.

-Sue

On Tue, 20 Aug 2002 13:54:15 +0800, "Johnathen Liew"
<johnliew@rocketmail.com> wrote:

>Donna,
>
>But we still need to create a login into the SQL Server, before any packages
>can be run....?
>
>We have a scenerio, where we need to create a DTS package, which is run by a
>designated user. This user should have no other rights other than running
>the DTS package. We created a login, with no Fixed Server Roles and no
>Database Roles. This user is able to execute the package, but he is able to
>stop the SQL Agent services as well, which is bad, but he cannot drop/create
>tables, which is good.
>
>Is this a SQL Server bug? Any idea anyone?
>
>Thanks
>Johnathen Liew
>
>"Donna Lambert [MS]" <dlambert@online.microsoft.com> wrote in message
>news:I0wk$8URCHA.2468@cpmsftngxa06...
>> Adrian,
>> Seems like it would be much simpler to password protect your dts packages.
>> Just a suggestion.
>> Donna Lambert
>> Microsoft SQL Server Support
>>
>>
>> Disclaimer:
>> This posting is provided "AS IS" with no warranties, and confers no
>rights.
>>
>> Are you secure? For information about the Microsoft Strategic Technology
>> Protection Program and to order your FREE Security Tool Kit, please visit
>> http://www.microsoft.com/security.
>>
>>
>> Recent viruses on the Internet underscore the threat to all computer users
>> and highlight challenges facing the entire industry in providing security
>> that everyone needs to conduct business. I encourage you to sign up to
>> receive automatic notification of Microsoft Security Bulletins by visiting
>>
>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
>> bulletin/notify.asp. For more information on security, our Strategic
>> Technology Protection Program and to order your FREE Security Tool Kit,
>> please visit http://www.microsoft.com/security. We will be happy to answer
>> any questions or provide assistance with your security needs.
>>
>> --------------------
>> | Content-Class: urn:content-classes:message
>> | From: "Adrian" <adrianw@persoft.com.my>
>> | Sender: "Adrian" <adrianw@persoft.com.my>
>> | Subject: DTS Security
>> | Date: Thu, 15 Aug 2002 20:29:53 -0700
>> | Lines: 8
>> | Message-ID: <2d4401c244d5$2fa91c50$35ef2ecf@TKMSFTNGXA11>
>> | MIME-Version: 1.0
>> | Content-Type: text/plain;
>> | charset="iso-8859-1"
>> | Content-Transfer-Encoding: 7bit
>> | X-Newsreader: Microsoft CDO for Windows 2000
>> | X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>> | Thread-Index: AcJE1S+pE2PllW9uQampwdIwCabugg==
>> | Newsgroups: microsoft.public.sqlserver.security
>> | Path: cpmsftngxa06
>> | Xref: cpmsftngxa06 microsoft.public.sqlserver.security:7577
>> | NNTP-Posting-Host: TKMSFTNGXA11 10.201.226.39
>> | X-Tomcat-NG: microsoft.public.sqlserver.security
>> |
>> | Hi,
>> | I want to create a user id where this id can only run
>> | DTS. Other function like starting of the SQL Agent, backup
>> | database should not be given access right. Could anyone
>> | help what type rights should i assign to this userid.
>> |
>> | Thanks
>> | Adrian
>> |
>>
>

Relevant Pages

  • Re: DTS Security
    ... But we still need to create a login into the SQL Server, ... the DTS package. ... For information about the Microsoft Strategic Technology ... > Protection Program and to order your FREE Security Tool Kit, ...
    (microsoft.public.sqlserver.security)
  • Re: DTS Packages fail when executed from Jobs
    ... Action Plan 1 - Modify the path of Dtsrun.exe ... Expand the server that is running SQL Server in SQL Server ... Action Plan 2 - Run the DTS Package on the server rather than on ...
    (microsoft.public.sqlserver.dts)
  • Re: DTS Packages fail when executed from Jobs
    ... Action Plan 2: It runs fine on the server when run from the DTS Designer. ... Expand the server that is running SQL Server in SQL Server ... > Action Plan 2 - Run the DTS Package on the server rather than on ...
    (microsoft.public.sqlserver.dts)
  • BUG: Login with no Fixed Server Role and DB Role can stop SQL Agent Service?
    ... the DTS package. ... We are using SQL Server 2000 Enterprise Edition with SP2. ... For information about the Microsoft Strategic Technology ... > Protection Program and to order your FREE Security Tool Kit, ...
    (microsoft.public.sqlserver.security)
  • Re: Problems launching DTS package from Stored Procedure
    ... I cannot really believe that EM is not installed on your SQL Server, ... sure if you can even install SQL Server without tools, ... machine to run a DTS package. ... >>>my DTS package consists of a table drop, a table creation, a connection to>>>Foxpro, a query to retrieve the data and a connection to SQL Server. ...
    (microsoft.public.sqlserver.dts)