I have a group of users that need to run a SSIS package. Currently I am having them set up an Active Directory Group and have them assigned to that group.
I set up a SQL Server Agent Job with the type as SQL Server Integration Services Package to run the package.
Originally I set up one user to test with. I thought that if I gave the user under the msdb database db_ssisltduser and db_ssisoperator that he should be able to run the following code in a procedure:
USE msdb;
GO
EXEC dbo.sp_start_job N'MDET - Import Loading Tables';
GO
But he cannot so I have learned.
The error he gets is:
Msg 229, Level 14, State 5, Procedure sp_start_job, Line 1
The EXECUTE permission was denied on the object 'sp_start_job', database 'msdb', schema 'dbo'.
So I am not sure if I should grant execute to the procedure sp_start_job? Can that be done? Or that is something one should not do as a best policy?
So now I am not sure what the best approach is to let a user run a SSIS package.
Is the only way is to enable xp_cmdshell and within a procedure code dtexec /SQL....? I really didn't want to enable xp_cmdshell.
Can someone provide me examples of what they have done in their businesses? What the best policy is to allow users to run SSIS packages?
lcerni