I need to run a SSIS Transfer SQL Server Objects Task under a SQL Server session context. A function provides a default value for tenant id column that is obtained from the session context. I cannot find a way to set the session context so that it is available to the task. Is this even possible?
Related
Environment : Oracle 12C
In SQL Server, a credential is a record that contains the authentication information (credentials) required to connect to a resource outside SQL Server. This information is used internally by SQL Server. Most credentials contain a Windows user name and password.Here is Microsoft doc about Credentials in SQL Server .In SQL Server, the default is to use the service account credentials to access the resource outside SQL Server.
What is the SQL Server credential equivalent in Oracle ?
There is no direct equivalence as it depends on the resource.
For database links (which are equivalent to SQL Server linked servers), credentials are not stored as a separate object but are considered as part of the database link itself.
For local external jobs, remote external jobs, and remote database used by DBMS_SCHEDULER jobs, you need to use DBMS_CREDENTIAL.CREATE_CREDENTIAL procedure. External procedures are also using DBMS_CREDENTIAL.CREATE_CREDENTIAL.
The view DBA_CREDENTIALS can be used for DBMS_SCHEDULER jobs and external procedures but not for database links.
There may be other resources that are using credentials in a different way.
I need to lock down access to a linked server object in MSSQL server.
I am building views on a host database, from which, I query to populate a staging table on my warehouse server. I am using Data Tools/SSIS to extract the view data. To simplify the SSIS package, I am using the OPENQUERYsyntax to query the linked server object that exists on my warehouse server, and connects to other SQL servers, Oracle servers, etc., through linked server objects.
To provide access to the linked servers, I have set up a local SQL login on the host db that has read access, then I use 'Be made using this security context:' and pass the local SQL login. That works just fine.
I realize now that I have a problem: any user with warehouse access can query the linked server object because of that stashed security context! I don't want that! I do need folks who should have access to be able to query (so I can write my SSIS packages), as well as the SQL Server Agent service account to have access so when the SQL Server Agent job runs as that user that it can successfully query the linked server.
I believe that the key to locking down query access to the linked server object is somewhere in the 'Local server login to remote server login mappings', but I'm having a hard time figuring that out. When I try to add for instance NT SERVICE\SQLAgent mapped to the local login with access, then save, I hit 'Login failed for 'NT AUTHORITY\ANONYMOUS LOGON' when saving.
Any ideas on how I can allow a security groups that have access, and SQL Server Agent service account to query the linked server, but not the rest of people with warehouse access?
This is known as the 'double hop' problem
(https://blogs.technet.microsoft.com/askds/2008/06/13/understanding-kerberos-double-hop/)
and to get rid of the Anonymous login error you would have to properly set up Kerberos pass-through authentication;
https://blogs.msdn.microsoft.com/farukcelik/2008/01/02/how-to-set-up-a-kerberos-authentication-scenario-with-sql-server-linked-servers/
https://www.databasejournal.com/features/mssql/article.php/3696506/Setting-Up-Delegation-for-Linked-Servers.htm
However this is quite involved - you mention that to 'simplify' the SSIS package you use a linked server, however SSIS solves exactly this problem... Why don't you just use SSIS to copy the data from the other server to avoid using a linked server?
There's a file stored in SharePoint that I want to use as data source in my SSIS package that will be run by SQL Server Agent.
The SQL Server Agent uses an account that doesn't have access to this file, so I want the Excel connection to use different login credentials (you can specify them in OLEDB connections). Is there any way to do this?
I know that the simplest way would be to just grant the permissions to the account that SQL Server Agent uses, but our responsible person is away. Changing the credentials in SQL Server Configuration Manager is not an option.
MS SQL Server 2008R2, Server Integration Services Version 10.50.1600.1, Sharepoint2010,
You can set up a proxy account that has the appropriate permissions to the location of the excel file and then set the job to run as that proxy account.
https://technet.microsoft.com/en-us/library/ms190698%28v=sql.105%29.aspx?f=255&MSPPError=-2147217396
I am creating an SSIS package using Change Data Capture. I have created the package, but I get the error below while executing it:
[CDC Control Task] Error: "Only members of the sysadmin fixed server
role or db_owner fixed database role can perform this operation.
Contact an administrator with sufficient permissions to perform this
operation.".
The error says sysadmin/db_owner role is required. However, is this really required or I am doing something wrong?
I depends on what you are trying to do in SSIS..Here is what MSDN lists out. and what privilege you need to have..
Access Authorization to Change Data:
Trickle-feed update packages need access to SQL Server 2016 CDC functions. Such access is granted, by default, to members of the db_owner fixed database role. Because the db_owner is a powerful role, when defining capture instances within SQL Server 2016 it is recommended to associate a gating security role to each capture instance that allows the SSIS CDC package to use a much more restricted user for processing the changes.
Access to CDC Database Current LSN:
The CDC Control task operations for marking the start LSN for change processing must be able to find the CDC Database current LSN. This is done using the procedure sp_replincrementlsn from the master database. Execute permission on this procedure must be given to the login used for connecting to the SQL Server 2016 CDC database.
Access to CDC States Table:
The CDC States table is used for automatically persisting CDC States that need to be updatable by the login used for connecting to the SQL Server 2016 CDC database. As this table is created by the SSIS developer, set the SQL Server 2016 system administrator as a user who is authorized to create SQL Server 2016 databases and perform administrative and maintenance tasks. In addition, a SQL Server 2016 system administrator who works with CDC enabled databases must be knowledgeable about SQL Server 2016 CDC technology and implementation.
In my case, I am creating records in SQL Server database. There is a running replication on the database.
Before returning results to client, I need to query the data in the replicated database.
For now, I am using a timer, whereby every 2 seconds I query data from replicated database to see if the data has been replicated.
Is there a way to find out when the data has been replicated before returning results to client and without using Timer?
Technologies used: ASP.NET MVC/JavaScript & backend is SQL Server.
Thanks
Yes there is a way. You can Configure Predefined Replication Alerts (SQL Server Management Studio).
SQL Server Management Studio and Microsoft SQL Server Agent provide a way to monitor events, such as replication agent events, using alerts. SQL Server Agent monitors the Windows application log for events that are associated with alerts. If such an event occurs, SQL Server Agent responds automatically, by executing a task that you have defined and/or sending e-mail or a pager message to a specified operator. SQL Server includes a set of predefined alerts for replication agents that you can configure to execute a task and/or notify an operator.
Refer to these links: Use Alerts for Replication Agent Events, View Information and Perform Tasks for a Subscription (Replication Monitor).
There is also a Microsoft SQL Server Replication Monitor, which is a graphical tool that allows you to monitor the overall health of a replication topology.