Sid Skoulphong
 |
| 10/05/2001 8:10 PM |
 Quote
 Reply
 Alert
|
| Hi All,
I'm trying to secure a SQL Server using the SQL Server Server Security Checklist I printed from your site. I'm having a lot problems with SQL Server 7 when a low privilege User account is used for SQL Server services. I'm running Windows NT 4.0 Server with SP6a as a Stand Alone with SQL Server 7 with SP3. I've created a Windows User account that has permission to:
1) Full Control to C:\MSSQL7
2) Full Control to SQL database files
3) Logon as a Service
4) Full Control the following Registry keys: HKLM\Software\Microsoft\MSSQLServer
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Perlib
HKLM\System\CurrentControlSet\Services\MSSQLServer
After assigning the above permission, SQL cannot execute the scheduled DTS package that I've created. What other permission(s) do I need to have access to in order for SQL to execute the DTS packages? |
|
|
|
|
Chip Andrews
|
| 10/08/2001 8:00 AM |
Quote
Reply
Alert
|
| What is your DTS package doing?? We need to investigate exactly what the DTS package is up to. Also, have you made sure that the account you created has a login entry in SQL Server? |
|
|
|
|
Sid
|
| 10/09/2001 12:46 PM |
Quote
Reply
Alert
|
| The DTS package are exporting SQL tables to an empty Access database. I.E. I've used the DTS wizard to export table A from Test DB on the SQL server to an empty Access MDB located on the same machine. By login entry to SQL server, do you mean SQL User account? I do have an SQL login User account called SQLTest that is assigned to the the sysadmin role. This is the same Windows User account that is assigned to the SQL Server service and SQL Agent service. I'd notice that the SQLTest account only has database access to the master, model, and tempdb databases. Do I need to grant the user account public and db_owner permission to the Test DB? Also the SQLTest account does have full control to the empty Access MDB. |
|
|
|
|
Chip Andrews
|
| 10/09/2001 9:42 PM |
Quote
Reply
Alert
|
| If the SQLTest user is a sysadmin then no explicit access to the databases is needed. Make sure that the SQLTest user is added as an Integrated user and not a standard SQL account (i.e HOST\SQLTest instead of SQLTest).
Also - since this job is scheduled it is executed with the context of the SQL Agent account so make sure it is set to SQLTest as well - not just the MSSQLSERVER service.
Last but not least try logging in as SQLTest and running the job yourself and see if you can get an interactive error message to see what permissions are lacking.
|
|
|
|
|