Permiso para ver el informe de ejecución en el Catálogo SSIS

8

Actualmente estamos utilizando SSIS 2012. ¿Hay alguna forma para que un usuario vea informes de ejecución en el Catálogo SSIS sin ser ssis_admin o sysadmin?

Esto es para el entorno de producción y no queremos que las personas manipulen los proyectos del Catálogo SSIS.

¡Gracias!

Joann.B
fuente

Respuestas:

11

Aquí está nuestra solución (¡créeme, funcionará perfectamente!)

Después de investigar el procedimiento sobre cómo se almacenan los informes de ejecución, descubrimos que cada vez que se ejecuta un trabajo, se actualizará la tabla de ejecuciones internal.exe en SSISDB. Y para ver el informe de ejecución de esta ejecución, necesitamos ejecutar algo como a continuación:

EXEC SSISDB.catalog.grant_permission 
    @object_type = 4, 
    @object_id = @execution_id, 
    @principal_ID =  13, 
    @permission_type = 1;

Este procedimiento almacenado otorgará a un rol / usuario un cierto acceso a un objeto en la base de datos. @object_type significa en qué tipo de objeto necesita permisos (4 significa operación); @object_id significa el objeto específico al que queremos acceder; @principal_ID significa quién quiere obtener el acceso; permission_type significa qué tipo de acceso queremos tener (1 significa solo lectura). Para obtener más información, consulte catalog.grant_permission (Base de datos SSISDB)

Nuestro objetivo es crear un activador que se ejecute cada vez que se ejecuta un trabajo, lo que significa que se inserta la tabla de ejecuciones internal.exe, utilizando el SP anterior para otorgarle a un rol el permiso para esa información de operación.

Luego, sigamos los pasos a continuación para configurar los permisos de visualización del informe de ejecución:

  1. Cree un usuario, el disparador se ejecutará como. Este usuario debería poder ejecutar un disparador en SSISDB y tener acceso al Catálogo SSIS. En nuestro caso, le asignamos el rol db_owner y ssis_admin en SSISDB.

    USE [master]
    GO
    CREATE LOGIN [ssis_job_viewer] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
    GO
    USE [SSISDB]
    GO
    CREATE USER [ssis_job_viewer] FOR LOGIN [ssis_job_viewer]
    GO
    USE [SSISDB]
    GO
    ALTER ROLE [db_owner] ADD MEMBER [ssis_job_viewer]
    GO
    USE [SSISDB]
    GO
    ALTER ROLE [ssis_admin] ADD MEMBER [ssis_job_viewer]
    GO
    
  2. Cree un rol [package_execution_viewer]. Este rol se utilizará en el procedimiento almacenado que mencionamos anteriormente.

    USE [SSISDB]
    GO
    CREATE ROLE [package_execution_viewer]
    GO
    
  3. Agregar usuarios a [package_execution_viewer]

    USE [SSISDB]
    GO
    ALTER ROLE [package_execution_viewer] ADD MEMBER [user1]
    GO
    USE [SSISDB]
    GO
    ALTER ROLE [package_execution_viewer] ADD MEMBER [user2]
    GO
    
  4. Obtenga el principio_id de la función package_execution_viewer. Esta identificación también se utilizará en el SP anterior.

    SELECT * from sys.database_principals
    GO
    
  5. Crear disparador para otorgar permiso para package_execution_viewer

    USE [SSISDB]
    GO
    SET ANSI_NULLS ON
    GO
    SET QUOTED_IDENTIFIER ON
    GO
    CREATE TRIGGER [internal].[update_viewer_perms]
    ON [internal].[executions]
    WITH EXECUTE AS 'ssis_job_viewer'
    AFTER INSERT
    AS
    declare @execution_id bigint
    BEGIN
    select @execution_id = execution_id from inserted
    EXEC SSISDB.catalog.grant_permission 
        @object_type = 4, 
        @object_id = @execution_id, 
        @principal_ID =  13, 
        @permission_type = 1   **--Note the principal_id needs to be changed**
    END
    GO
    

Todo listo. De esta forma, podemos permitir que las personas accedan a los informes de ejecución sin hacerlos como ssis_admin. ¡Pruébalo y comparte tus pensamientos sobre esta publicación!

Joann.B
fuente
9

Con la advertencia de que no soy una persona de seguridad ...

No hay una función de base de datos predefinida ssis_adminque no sea especial para SSISDB. Eso le permite a uno hacer todas las cosas de SSIS, pero eso es claramente más poder del que debería tener una persona de soporte.

Hay dos esquemas, internaly catalog. El catálogo está destinado a nosotros, los usuarios finales para interactuar con el SSISDB mientras interno es, por citar un gran manual

¡IST NICHT FÜR DER GEFINGERPOKEN UND MITTENGRABEN!

Encendí el generador de perfiles y observé mientras hacía clic en los informes de ejecución y los subinformes. Todas las consultas son consultas en línea contra el catalogesquema. Los procesos y la función que están en el catalogesquema parecen estar relacionados con el mantenimiento y la administración de los paquetes, por lo que si creó un rol que

Puede ejecutar con la respuesta de Martin para otorgar acceso a todas las vistas basadas en el catálogo, pero como soy vago,

Intentaría algo como esto. Creo un rol llamado LookIt, agrego mis miembros y luego les doy permiso SELECCIONAR a todo el esquema del catálogo

USE [SSISDB]
GO
CREATE ROLE [LookIt]
GO
USE [SSISDB]
GO
ALTER ROLE [LookIt] ADD MEMBER [MyPeople]
GO
use [SSISDB]
GO
GRANT SELECT ON SCHEMA::[catalog] TO [LookIt]
GO

Editar 2015-10-08

Alégrate, para aquellos de ustedes que están viendo SQL Server 2016. Se avecina una nueva función SSIS que permitirá a los usuarios sin privilegios la capacidad de usar las herramientas de informes nativas. Ese rol se llama ssis_logreaderOtorgar membresía a ese rol permitirá a los usuarios acceder a todos los informes sin otorgarles la capacidad de administrar la instancia de SSIS o el servidor completo.

billinkc
fuente
3

Muy simple ... Comente la WHEREcláusula en estas dos vistas:

SSISDB.catalog.executions
SSISDB.catalog.event_messages

Hecho.

Cambie la vista catalog.event_messagescomentando la WHEREcláusula:

--WHERE opmsg.[operation_id] in (SELECT [id] FROM [internal]. 
--[current_user_readable_operations]) OR (IS_MEMBER('ssis_admin') = 1) OR 
--(IS_SRVROLEMEMBER('sysadmin') = 1)

Haz lo mismo con la vista Catalog.executions.

Todavía no he encontrado ningún efecto secundario y lo he implementado durante 3 meses en entornos PROD y QA.

Doug
fuente
3

Comentando la WHEREcláusula en estas vistas de SSISDB:

  • SSISDB.catalog.executions
  • SSISDB.catalog.event_messages
  • SSISDB.Catalog.folders

y proporcionar el DB_READERacceso al usuario / grupo en SSISDB. Validado / verificado en SQL 2012/2014

Balaji Rajaram
fuente
1

Así que este es un problema con el que me he encontrado en los últimos días, y debo decir que esta publicación definitivamente ha ayudado, aunque ninguna de las respuestas fue exactamente lo que ayudó.

Entonces, como dice esta publicación, quería dar acceso para ver los informes enlatados del Catálogo de Integration Services, sin tener que otorgar el rol SSIS_admin en un entorno donde no es necesario. Y gracias a billinkc por ayudarme a encontrar la respuesta. Como dijo, solucionaron este problema en SQL 2016 al agregar una función de base de datos que le permite hacer lo que queremos. Eso me dio la idea de copiar lo que SQL 2016 hizo en las versiones anteriores. Entonces, esto es lo que tienes que hacer:

  • Cree una función de base de datos dentro de SSISDB. Llamé al mío ssis_logreader por coherencia.
  • Cambie la lógica de las siguientes Vistas SSISDB para contener OR (IS_MEMBER('ssis_logreader') = 1)en la cláusula where.
  • [catálogo]. [operaciones]

    [catálogo]. [mensajes_operativos]

    [catálogo]. [event_message_context]

    [catálogo]. [eventos_mensajes]

    [catálogo]. [estadísticas_ ejecutables]

    [catálogo]. [ejecutables]

    [catálogo]. [execute_component_phases]

    [catálogo]. [estadísticas_data_datos]

    [catálogo]. [ejecución_data_taps]

    [catálogo]. [valores_parámetros_ejecución]

    [catálogo]. [execute_property_override_values]

    [catálogo]. [ejecuciones]

    [catálogo]. [información_operación_expandida]

    [catálogo]. [mensajes_operativos]

    [catálogo]. [operaciones]

    [catálogo]. [paquetes]

    [catálogo]. [proyectos]

    [catálogo]. [validaciones]

  • Luego agregue el usuario y / o grupos de usuarios a ese rol de base de datos.

Una vez que haya hecho eso, debería solucionar sus problemas.

También he adjuntado un script que hará todo menos el último paso. Sin embargo, ten en cuenta que tiene casi 700 líneas de largo.

Gracias.

USE SSISDB
GO


CREATE ROLE [ssis_logreader]
GO


----------------------------------------------------------------------------------------------
USE [SSISDB]
GO

/****** Object:  View [catalog].[operations]    Script Date: 10/5/2016 8:38:56 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO


ALTER VIEW [catalog].[operations]
AS
SELECT     [operation_id], 
           [operation_type], 
           [created_time],
           [object_type],
           [object_id],
           [object_name],
           [status], 
           [start_time], 
           [end_time], 
           [caller_sid], 
           [caller_name], 
           [process_id],
           [stopped_by_sid],
           [stopped_by_name],
           [server_name],
           [machine_name]
FROM       internal.[operations]
WHERE      [operation_id] in (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)


GO

-----------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO

/****** Object:  View [catalog].[operation_messages]    Script Date: 10/5/2016 8:38:32 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO


ALTER VIEW [catalog].[operation_messages]
AS
SELECT     [operation_message_id], 
           [operation_id], 
           [message_time],
           [message_type],  
           [message_source_type], 
           [message], 
           [extended_info_id]
FROM       [internal].[operation_messages] 
WHERE      [operation_id] in (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)


GO
-----------------------------------------------------------------------------------------------------------------------


USE [SSISDB]
GO

/****** Object:  View [catalog].[event_message_context]    Script Date: 10/5/2016 8:12:27 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[event_message_context]
AS
SELECT     [context_id],
           [event_message_id],
           [context_depth],
           [package_path],
           [context_type],
           [context_source_name],
           [context_source_id],
           [property_name],
           [property_value]
FROM       [internal].[event_message_context]
WHERE      [operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)


GO


-----------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[event_messages]    Script Date: 10/5/2016 8:13:44 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[event_messages]
AS
SELECT     opmsg.[operation_message_id] AS [event_message_id],
           opmsg.[operation_id], 
           opmsg.[message_time],
           opmsg.[message_type],
           opmsg.[message_source_type],  
           opmsg.[message], 
           opmsg.[extended_info_id],
           eventmsg.[package_name],
           eventmsg.[event_name],

           message_source_name = 
                      CASE 
                        WHEN (opmsg.message_source_type = 10) THEN 'ISServerExec' 
                        WHEN (opmsg.message_source_type = 20) THEN 'Transact-SQL stored procedure'
                        ELSE eventmsg.message_source_name
                    END,
           eventmsg.[message_source_id],
           eventmsg.[subcomponent_name],
           eventmsg.[package_path],
           eventmsg.[execution_path],
           eventmsg.[threadID],
           eventmsg.[message_code]
FROM       [internal].[operation_messages] opmsg LEFT JOIN [internal].[event_messages] eventmsg
           ON opmsg.[operation_message_id] = eventmsg.[event_message_id]
WHERE      opmsg.[operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)


GO


----------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[executable_statistics]    Script Date: 10/5/2016 8:14:02 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[executable_statistics]
AS
SELECT     [statistics_id], 
           [execution_id],
           [executable_id], 
           [execution_path], 
           [start_time],
           [end_time],
           [execution_duration], 
           [execution_result],
           [execution_value]
FROM       [internal].[executable_statistics]
WHERE      [execution_id] IN (SELECT id FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)



GO


----------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[executables]    Script Date: 10/5/2016 8:14:22 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[executables]
AS
SELECT DISTINCT    
           execl.[executable_id], 
           execs.[execution_id], 
           execl.[executable_name], 
           execl.[executable_guid],
           execl.[package_name],
           execl.[package_path]
FROM       ([internal].[executions] execs INNER JOIN [internal].[executable_statistics] stat 
           ON execs.[execution_id] = stat.[execution_id]) INNER JOIN [internal].[executables] execl
           ON stat.[executable_id] = execl.[executable_id] 
WHERE      execs.[execution_id] IN (SELECT id FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)


GO

-------------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[execution_component_phases]    Script Date: 10/5/2016 8:24:40 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO


ALTER VIEW [catalog].[execution_component_phases]
AS
SELECT   startPhase.[phase_stats_id] AS [phase_stats_id],
         startPhase.[execution_id] AS [execution_id],
         startPhase.[package_name] AS [package_name],
         startPhase.[task_name] AS [task_name],
         startPhase.[subcomponent_name] AS [subcomponent_name],
         startPhase.[phase] AS [phase],
         startPhase.[phase_time] AS [start_time],
         endPhase.[phase_time] AS [end_time],
         startPhase.[execution_path] AS [execution_path]
FROM     [internal].[execution_component_phases] startPhase LEFT JOIN [internal].[execution_component_phases] endPhase
         ON startPhase.[phase_stats_id] != endPhase.[phase_stats_id]
         AND startPhase.[execution_id] = endPhase.[execution_id]
         AND startPhase.[sequence_id] = endPhase.[sequence_id]
WHERE    startPhase.[is_start] = 'True' AND (endPhase.[is_start] = 'False' OR endPhase.[is_start] IS NULL)
         AND (startPhase.[execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
         OR (IS_MEMBER('ssis_admin') = 1)
         OR (IS_SRVROLEMEMBER('sysadmin') = 1))
         OR (IS_MEMBER('ssis_logreader') = 1)

GO

--------------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[execution_data_statistics]    Script Date: 10/5/2016 8:25:01 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO


ALTER VIEW [catalog].[execution_data_statistics]
AS
SELECT    [data_stats_id],
          [execution_id],
          [package_name],
          [task_name],
          [dataflow_path_id_string],
          [dataflow_path_name],
          [source_component_name],
          [destination_component_name],
          [rows_sent],
          [created_time],
          [execution_path]
FROM      [internal].[execution_data_statistics]
WHERE     [execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
          OR (IS_MEMBER('ssis_admin') = 1)
          OR (IS_SRVROLEMEMBER('sysadmin') = 1)
          OR (IS_MEMBER('ssis_logreader') = 1)

GO

----------------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[execution_data_taps]    Script Date: 10/5/2016 8:25:36 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO


ALTER VIEW [catalog].[execution_data_taps]
AS
SELECT    [data_tap_id],
          [execution_id],
          [package_path],
          [dataflow_path_id_string],
          [dataflow_task_guid],
          [max_rows],
          [filename]
FROM      [internal].[execution_data_taps]
WHERE     [execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
          OR (IS_MEMBER('ssis_admin') = 1)
          OR (IS_SRVROLEMEMBER('sysadmin') = 1)
          OR (IS_MEMBER('ssis_logreader') = 1)

GO

--------------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[execution_parameter_values]    Script Date: 10/5/2016 8:26:01 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[execution_parameter_values]
AS
SELECT     [execution_parameter_id], 
           [execution_id],
           [object_type], 
           [parameter_data_type], 
           [parameter_name], 
           [parameter_value], 
           [sensitive],
           [required],
           [value_set], 
           [runtime_override]
FROM       [internal].[execution_parameter_values]
WHERE      [execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)

GO

------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[execution_property_override_values]    Script Date: 10/5/2016 8:26:24 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[execution_property_override_values]
AS
SELECT     [property_id], 
           [execution_id],
           [property_path], 
           [property_value], 
           [sensitive]
FROM       [internal].[execution_property_override_values]
WHERE      [execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)

GO

--------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[executions]    Script Date: 10/5/2016 8:26:52 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO




ALTER VIEW [catalog].[executions]
AS
SELECT     execs.[execution_id], 
           execs.[folder_name], 
           execs.[project_name], 
           execs.[package_name],
           execs.[reference_id],
           execs.[reference_type], 
           execs.[environment_folder_name], 
           execs.[environment_name], 
           execs.[project_lsn], 
           execs.[executed_as_sid], 
           execs.[executed_as_name], 
           execs.[use32bitruntime],  
           opers.[operation_type], 
           opers.[created_time],  
           opers.[object_type], 
           opers.[object_id],
           opers.[status], 
           opers.[start_time], 
           opers.[end_time],  
           opers.[caller_sid], 
           opers.[caller_name], 
           opers.[process_id], 
           opers.[stopped_by_sid], 
           opers.[stopped_by_name],
           opers.[operation_guid] AS [dump_id],
           opers.[server_name],
           opers.[machine_name],
           ossysinfos.[total_physical_memory_kb],
           ossysinfos.[available_physical_memory_kb],
           ossysinfos.[total_page_file_kb],
           ossysinfos.[available_page_file_kb],
           ossysinfos.[cpu_count]
FROM       [internal].[executions] execs INNER JOIN [internal].[operations] opers 
           ON execs.[execution_id]= opers.[operation_id]
           LEFT JOIN [internal].[operation_os_sys_info] ossysinfos
           ON ossysinfos.[operation_id]= execs.[execution_id]
WHERE      opers.[operation_id] IN (SELECT id FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)

GO

--------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[extended_operation_info]    Script Date: 10/5/2016 8:27:45 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[extended_operation_info]
AS
SELECT     [info_id], 
           [operation_id], 
           [object_name], 
           [object_type],
           [reference_id],
           [status], 
           [start_time], 
           [end_time]
FROM       [internal].[extended_operation_info]
WHERE      [operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)


GO

--------------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[operation_messages]    Script Date: 10/5/2016 8:29:30 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[operation_messages]
AS
SELECT     [operation_message_id], 
           [operation_id], 
           [message_time],
           [message_type],  
           [message_source_type], 
           [message], 
           [extended_info_id]
FROM       [internal].[operation_messages] 
WHERE      [operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)

GO

-------------------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[operations]    Script Date: 10/5/2016 8:29:55 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[operations]
AS
SELECT     [operation_id], 
           [operation_type], 
           [created_time],
           [object_type],
           [object_id],
           [object_name],
           [status], 
           [start_time], 
           [end_time], 
           [caller_sid], 
           [caller_name], 
           [process_id],
           [stopped_by_sid],
           [stopped_by_name],
           [server_name],
           [machine_name]
FROM       internal.[operations]
WHERE      [operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)

GO

----------------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[packages]    Script Date: 10/5/2016 8:31:07 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[packages]
AS
SELECT     pkgs.[package_id], 
           pkgs.[name], 
           pkgs.[package_guid], 
           pkgs.[description],
           pkgs.[package_format_version], 
           pkgs.[version_major],  
           pkgs.[version_minor], 
           pkgs.[version_build], 
           pkgs.[version_comments], 
           pkgs.[version_guid], 
           pkgs.[project_id],
           pkgs.[entry_point],
           pkgs.[validation_status],
           pkgs.[last_validation_time]
FROM       [internal].[packages] pkgs INNER JOIN [internal].[projects] proj ON 
           (pkgs.[project_version_lsn] = proj.[object_version_lsn] 
           AND pkgs.[project_id] = proj.[project_id]) INNER JOIN
           [internal].[object_versions] vers ON ( vers.[object_type] =20 AND
           vers.[object_id] = proj.[project_id] 
           AND vers.[object_version_lsn] = proj.[object_version_lsn])

WHERE      pkgs.[project_id] IN (SELECT [id] FROM [internal].[current_user_readable_projects])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)

GO

-------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[projects]    Script Date: 10/5/2016 8:31:31 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[projects]
AS
SELECT     proj.[project_id],
           [internal].[folders].[folder_id],
           proj.[name],
           proj.[description],
           proj.[project_format_version], 
           proj.[deployed_by_sid], 
           proj.[deployed_by_name], 
           proj.[last_deployed_time], 
           proj.[created_time],
           proj.[object_version_lsn],  
           proj.[validation_status], 
           proj.[last_validation_time]

FROM       [internal].[object_versions] ver INNER JOIN
           [internal].[projects] proj ON (ver.[object_id] = proj.[project_id]
           AND ver.[object_version_lsn] = proj.[object_version_lsn]) INNER JOIN
           [internal].[folders] ON proj.[folder_id] = [internal].[folders].[folder_id]
WHERE      (ver.[object_status] = 'C') 
           AND (ver.[object_type]= 20) 
           AND (
                  proj.[project_id] IN (SELECT [id] FROM [internal].[current_user_readable_projects])
                  OR (IS_MEMBER('ssis_admin') = 1)
                  OR (IS_SRVROLEMEMBER('sysadmin') = 1)
                  OR (IS_MEMBER('ssis_logreader') = 1)
                )


GO
-------------------------------------------------------------------------------------------------------------------

USE [SSISDB]
GO

/****** Object:  View [catalog].[validations]    Script Date: 10/5/2016 8:31:54 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO



ALTER VIEW [catalog].[validations]
AS
SELECT     vals.[validation_id], 
           vals.[environment_scope], 
           vals.[validate_type],
           vals.[folder_name],
           vals.[project_name],         
           vals.[project_lsn],
           vals.[use32bitruntime],
           vals.[reference_id], 
           opers.[operation_type],
           opers.[object_name],  
           opers.[object_type], 
           opers.[object_id], 
           opers.[start_time], 
           opers.[end_time], 
           opers.[status], 
           opers.[caller_sid], 
           opers.[caller_name], 
           opers.[process_id],
           opers.[stopped_by_sid], 
           opers.[stopped_by_name],
           opers.[operation_guid] AS [dump_id],
           opers.[server_name],
           opers.[machine_name]
FROM       [internal].[validations] vals INNER JOIN [internal].[operations] opers 
           ON vals.[validation_id] = opers.[operation_id]
WHERE      opers.[operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
           OR (IS_MEMBER('ssis_admin') = 1)
           OR (IS_SRVROLEMEMBER('sysadmin') = 1)
           OR (IS_MEMBER('ssis_logreader') = 1)

GO

-------------------------------------------------------------------------------------------------------------------
Chap Wolff
fuente
Esto esta muy bien. Yo también opté por crear el papel de coherencia con la forma en que abordaré esto cuando pasemos a 2016. Gracias por el guión.
Jason
De nada. Y en realidad puedes nombrar el rol como quieras, fui con ssis_logreader para mantener la coherencia con las versiones posteriores
Chap Wolff
1

Tuve el mismo problema. Después de mirar la consulta subrayada con el foco en la cláusula where.

    WHERE      opmsg.[operation_id] in (SELECT [id] FROM [internal].   [current_user_readable_operations])
       OR (IS_MEMBER('ssis_admin') = 1)
       OR (IS_SRVROLEMEMBER('sysadmin') = 1)

A medida que la consulta comprueba la pertenencia a la función ssis_admin. Decidí otorgar mi rol report_reader al rol de base de datos ssis_admin.

Al ejecutar la consulta de forma independiente, recibí un error de permiso de selección. Entonces, le otorgué permisos de selección de roles al catálogo y a los esquemas internos.

GRANT SELECT ON SCHEMA::[catalog] TO ssis_admin;
GRANT SELECT ON SCHEMA::[internal] TO ssis_admin;

Espero que esto ayude a alguien.

petemill66
fuente
1

En SQL Server 2014

Parece que hay una solución más simple.

  1. En la carpeta Seguridad, cree un inicio de sesión (Usuario o Grupo de AD).
  2. Establecer roles de servidor en "Público"
  3. Establezca la asignación de usuario en "SSISDB"
  4. En los catálogos de Integration Services, navegue a la carpeta que contiene los paquetes en los que desea ejecutar informes
  5. Haga clic derecho y seleccione "Propiedades"
  6. Seleccione "Permisos"
  7. Seleccione "Examinar"
  8. Seleccione el nuevo usuario / grupo que se creó en el paso 1
  9. Conceder permisos "Leer" y "Leer objetos".

Ya terminaste

Nota: He probado esto en SQL Server 2014 y funciona. Estoy seguro de que funcionará en 2012 en adelante.

J Weezy
fuente
0

Esto solucionó mi problema. Recibí la solución de Petemill66, así que gracias

usar SSISDB

CONCESIÓN SELECCIONE EN EL ESQUEMA :: [catálogo] A ssis_admin;

CONCESIÓN SELECCIONE EN EL ESQUEMA :: [interno] A ssis_admin;

Actualización de la CONCESIÓN SOBRE EL ESQUEMA :: [catálogo] TO ssis_admin;

Actualización de la CONCESIÓN SOBRE EL ESQUEMA :: [interno] A ssis_admin;

Duane Lawrence
fuente