Nous utilisons actuellement SSIS 2012. Existe-t-il un moyen pour un utilisateur d'afficher les rapports d'exécution dans le catalogue SSIS sans être ssis_admin ou sysadmin?
C'est pour l'environnement de production et nous ne voulons pas que les gens manipulent les projets du catalogue SSIS.
Merci!
Réponses:
Voici notre solution (croyez-moi, cela fonctionnera parfaitement!)
Après avoir étudié la procédure de stockage des rapports d'exécution, nous avons constaté qu'à chaque exécution d'un travail, la table internal.executions dans SSISDB sera mise à jour. Et pour afficher le rapport d'exécution de cette exécution, nous devons exécuter quelque chose comme ci-dessous:
EXEC SSISDB.catalog.grant_permission
@object_type = 4,
@object_id = @execution_id,
@principal_ID = 13,
@permission_type = 1;
Cette procédure stockée accordera à un rôle / utilisateur un certain accès à un objet dans la base de données. @object_type signifie sur quel type d'objet vous avez besoin d'autorisations (4 signifie opération); @object_id signifie l'objet spécifique auquel nous voulons accéder; @principal_ID signifie qui veut obtenir l'accès; permission_type signifie quel type d'accès nous voulons avoir (1 signifie lecture seule). Pour plus d'informations, veuillez vous référer à catalog.grant_permission (base de données SSISDB)
Notre objectif est de créer un déclencheur qui chaque fois qu'un travail s'exécute - ce qui signifie que la table internal.executions est insérée - en utilisant le SP ci-dessus pour accorder à un rôle l'autorisation sur ces informations d'opération.
Ensuite, suivons les étapes ci-dessous pour configurer les autorisations d'affichage des rapports d'exécution:
Créez un utilisateur, le déclencheur sera exécuté comme. Cet utilisateur doit pouvoir exécuter un déclencheur dans SSISDB et avoir accès au catalogue SSIS. Dans notre cas, nous lui donnons le rôle db_owner et ssis_admin sous SSISDB.
USE [master]
GO
CREATE LOGIN [ssis_job_viewer] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
GO
USE [SSISDB]
GO
CREATE USER [ssis_job_viewer] FOR LOGIN [ssis_job_viewer]
GO
USE [SSISDB]
GO
ALTER ROLE [db_owner] ADD MEMBER [ssis_job_viewer]
GO
USE [SSISDB]
GO
ALTER ROLE [ssis_admin] ADD MEMBER [ssis_job_viewer]
GO
Créez un rôle [package_execution_viewer]. Ce rôle sera utilisé dans la procédure stockée mentionnée ci-dessus.
USE [SSISDB]
GO
CREATE ROLE [package_execution_viewer]
GO
Ajouter des utilisateurs à [package_execution_viewer]
USE [SSISDB]
GO
ALTER ROLE [package_execution_viewer] ADD MEMBER [user1]
GO
USE [SSISDB]
GO
ALTER ROLE [package_execution_viewer] ADD MEMBER [user2]
GO
Récupère le principe_id du rôle package_execution_viewer. Cet identifiant sera également utilisé dans SP ci-dessus.
SELECT * from sys.database_principals
GO
Créer un déclencheur pour accorder l'autorisation à package_execution_viewer
USE [SSISDB]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TRIGGER [internal].[update_viewer_perms]
ON [internal].[executions]
WITH EXECUTE AS 'ssis_job_viewer'
AFTER INSERT
AS
declare @execution_id bigint
BEGIN
select @execution_id = execution_id from inserted
EXEC SSISDB.catalog.grant_permission
@object_type = 4,
@object_id = @execution_id,
@principal_ID = 13,
@permission_type = 1 **--Note the principal_id needs to be changed**
END
GO
Tout est prêt. De cette façon, nous pouvons permettre aux utilisateurs d'accéder aux rapports d'exécution sans les créer en tant que ssis_admin. Essayez-le et partagez vos réflexions sur ce post!
Avec la mise en garde que je ne suis pas un agent de sécurité ...
Il n'y a pas de rôle de base de données prédéfini autre que ssis_admincelui qui est spécial pour SSISDB. Cela permet de faire toutes les choses SSIS, mais c'est clairement plus de pouvoir qu'une personne de soutien ne devrait en avoir.
Il existe deux schémas, internalet catalog. Le catalogue est destiné à nous, les utilisateurs finaux, à interagir avec le SSISDB pendant qu'il est interne, pour citer un excellent manuel
IST NICHT FÜR DER GEFINGERPOKEN UND MITTENGRABEN!
J'ai lancé le profileur et regardé en cliquant sur les rapports d'exécution et les sous-rapports. Toutes les requêtes sont des requêtes en ligne sur le catalogschéma. Les procs et la fonction qui sont dans le catalogschéma semblent tous être liés à la maintenance et à l'administration des packages, donc si vous créez un rôle qui
Vous pouvez exécuter la réponse de Martin pour accorder l'accès à toutes les vues basées sur le catalogue, mais comme je suis paresseux,
J'essaierais quelque chose comme ça. Je crée un rôle appelé LookIt, y ajoute mes membres, puis leur accorde l'autorisation SELECT sur l'ensemble du schéma de catalogue
USE [SSISDB]
GO
CREATE ROLE [LookIt]
GO
USE [SSISDB]
GO
ALTER ROLE [LookIt] ADD MEMBER [MyPeople]
GO
use [SSISDB]
GO
GRANT SELECT ON SCHEMA::[catalog] TO [LookIt]
GO
Réjouissez-vous, pour ceux d'entre vous qui regardent SQL Server 2016. Un nouveau rôle SSIS à venir permettra aux utilisateurs non privilégiés d'utiliser les outils de création de rapports natifs. Ce rôle, appelé ssis_logreaderAccorder l’adhésion à ce rôle, permettra aux utilisateurs d’accéder à tous les rapports sans leur donner la possibilité d’administrer l’instance SSIS ou l’ensemble du serveur.
Très simplement ... Commentez la WHEREclause dans ces deux vues:
SSISDB.catalog.executions
SSISDB.catalog.event_messages
Terminé.
Modifiez la vue catalog.event_messagesen commentant la WHEREclause:
--WHERE opmsg.[operation_id] in (SELECT [id] FROM [internal].
--[current_user_readable_operations]) OR (IS_MEMBER('ssis_admin') = 1) OR
--(IS_SRVROLEMEMBER('sysadmin') = 1)
Faites de même pour la vue Catalog.executions.
Je n'ai pas encore rencontré d'effets secondaires et je l'ai depuis 3 mois dans les environnements PROD et QA.
Commentant la WHEREclause dans ces vues de SSISDB:
SSISDB.catalog.executionsSSISDB.catalog.event_messagesSSISDB.Catalog.folderset fournir l' DB_READERaccès à l'utilisateur / groupe dans SSISDB. Validé / vérifié dans SQL 2012/2014
C'est donc un problème que j'ai rencontré ces derniers jours, et je dois dire que ce message a certainement aidé, bien qu'aucune des réponses n'ait été exactement ce qui a aidé.
Ainsi, comme l'indique ce post, je voulais donner accès aux rapports du catalogue Integration Services en conserve, sans avoir à accorder le rôle SSIS_admin dans un environnement où il n'est pas nécessaire. Et merci à billinkc de m'avoir aidé à trouver la réponse. Comme il l'a dit, ils ont résolu ce problème dans SQL 2016 en ajoutant un rôle de base de données qui vous permet de faire ce que nous voulons. Cela m'a donné l'idée de simplement copier ce que SQL 2016 a fait sur les versions antérieures. Voici donc ce que vous devez faire:
OR (IS_MEMBER('ssis_logreader') = 1)dans la clause where.[catalogue]. [opérations]
[catalogue]. [operation_messages]
[catalogue]. [event_message_context]
[catalogue]. [event_messages]
[catalogue]. [statistiques_exécutables]
[catalogue]. [exécutables]
[catalogue]. [execution_component_phases]
[catalogue]. [execution_data_statistics]
[catalogue]. [execution_data_taps]
[catalogue]. [valeurs_paramètre_exécution]
[catalogue]. [execution_property_override_values]
[catalogue]. [exécutions]
[catalogue]. [Extended_operation_info]
[catalogue]. [operation_messages]
[catalogue]. [opérations]
[catalogue]. [packages]
[catalogue]. [projets]
[catalogue]. [validations]
Une fois que vous avez fait cela, il devrait s'occuper de vos problèmes.
J'ai également joint un script qui fera tout sauf la dernière étape. Attention cependant, il fait près de 700 lignes
Merci.
USE SSISDB
GO
CREATE ROLE [ssis_logreader]
GO
----------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[operations] Script Date: 10/5/2016 8:38:56 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[operations]
AS
SELECT [operation_id],
[operation_type],
[created_time],
[object_type],
[object_id],
[object_name],
[status],
[start_time],
[end_time],
[caller_sid],
[caller_name],
[process_id],
[stopped_by_sid],
[stopped_by_name],
[server_name],
[machine_name]
FROM internal.[operations]
WHERE [operation_id] in (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
-----------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[operation_messages] Script Date: 10/5/2016 8:38:32 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[operation_messages]
AS
SELECT [operation_message_id],
[operation_id],
[message_time],
[message_type],
[message_source_type],
[message],
[extended_info_id]
FROM [internal].[operation_messages]
WHERE [operation_id] in (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
-----------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[event_message_context] Script Date: 10/5/2016 8:12:27 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[event_message_context]
AS
SELECT [context_id],
[event_message_id],
[context_depth],
[package_path],
[context_type],
[context_source_name],
[context_source_id],
[property_name],
[property_value]
FROM [internal].[event_message_context]
WHERE [operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
-----------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[event_messages] Script Date: 10/5/2016 8:13:44 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[event_messages]
AS
SELECT opmsg.[operation_message_id] AS [event_message_id],
opmsg.[operation_id],
opmsg.[message_time],
opmsg.[message_type],
opmsg.[message_source_type],
opmsg.[message],
opmsg.[extended_info_id],
eventmsg.[package_name],
eventmsg.[event_name],
message_source_name =
CASE
WHEN (opmsg.message_source_type = 10) THEN 'ISServerExec'
WHEN (opmsg.message_source_type = 20) THEN 'Transact-SQL stored procedure'
ELSE eventmsg.message_source_name
END,
eventmsg.[message_source_id],
eventmsg.[subcomponent_name],
eventmsg.[package_path],
eventmsg.[execution_path],
eventmsg.[threadID],
eventmsg.[message_code]
FROM [internal].[operation_messages] opmsg LEFT JOIN [internal].[event_messages] eventmsg
ON opmsg.[operation_message_id] = eventmsg.[event_message_id]
WHERE opmsg.[operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
----------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[executable_statistics] Script Date: 10/5/2016 8:14:02 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[executable_statistics]
AS
SELECT [statistics_id],
[execution_id],
[executable_id],
[execution_path],
[start_time],
[end_time],
[execution_duration],
[execution_result],
[execution_value]
FROM [internal].[executable_statistics]
WHERE [execution_id] IN (SELECT id FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
----------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[executables] Script Date: 10/5/2016 8:14:22 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[executables]
AS
SELECT DISTINCT
execl.[executable_id],
execs.[execution_id],
execl.[executable_name],
execl.[executable_guid],
execl.[package_name],
execl.[package_path]
FROM ([internal].[executions] execs INNER JOIN [internal].[executable_statistics] stat
ON execs.[execution_id] = stat.[execution_id]) INNER JOIN [internal].[executables] execl
ON stat.[executable_id] = execl.[executable_id]
WHERE execs.[execution_id] IN (SELECT id FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
-------------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[execution_component_phases] Script Date: 10/5/2016 8:24:40 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[execution_component_phases]
AS
SELECT startPhase.[phase_stats_id] AS [phase_stats_id],
startPhase.[execution_id] AS [execution_id],
startPhase.[package_name] AS [package_name],
startPhase.[task_name] AS [task_name],
startPhase.[subcomponent_name] AS [subcomponent_name],
startPhase.[phase] AS [phase],
startPhase.[phase_time] AS [start_time],
endPhase.[phase_time] AS [end_time],
startPhase.[execution_path] AS [execution_path]
FROM [internal].[execution_component_phases] startPhase LEFT JOIN [internal].[execution_component_phases] endPhase
ON startPhase.[phase_stats_id] != endPhase.[phase_stats_id]
AND startPhase.[execution_id] = endPhase.[execution_id]
AND startPhase.[sequence_id] = endPhase.[sequence_id]
WHERE startPhase.[is_start] = 'True' AND (endPhase.[is_start] = 'False' OR endPhase.[is_start] IS NULL)
AND (startPhase.[execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1))
OR (IS_MEMBER('ssis_logreader') = 1)
GO
--------------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[execution_data_statistics] Script Date: 10/5/2016 8:25:01 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[execution_data_statistics]
AS
SELECT [data_stats_id],
[execution_id],
[package_name],
[task_name],
[dataflow_path_id_string],
[dataflow_path_name],
[source_component_name],
[destination_component_name],
[rows_sent],
[created_time],
[execution_path]
FROM [internal].[execution_data_statistics]
WHERE [execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
----------------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[execution_data_taps] Script Date: 10/5/2016 8:25:36 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[execution_data_taps]
AS
SELECT [data_tap_id],
[execution_id],
[package_path],
[dataflow_path_id_string],
[dataflow_task_guid],
[max_rows],
[filename]
FROM [internal].[execution_data_taps]
WHERE [execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
--------------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[execution_parameter_values] Script Date: 10/5/2016 8:26:01 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[execution_parameter_values]
AS
SELECT [execution_parameter_id],
[execution_id],
[object_type],
[parameter_data_type],
[parameter_name],
[parameter_value],
[sensitive],
[required],
[value_set],
[runtime_override]
FROM [internal].[execution_parameter_values]
WHERE [execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[execution_property_override_values] Script Date: 10/5/2016 8:26:24 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[execution_property_override_values]
AS
SELECT [property_id],
[execution_id],
[property_path],
[property_value],
[sensitive]
FROM [internal].[execution_property_override_values]
WHERE [execution_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
--------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[executions] Script Date: 10/5/2016 8:26:52 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[executions]
AS
SELECT execs.[execution_id],
execs.[folder_name],
execs.[project_name],
execs.[package_name],
execs.[reference_id],
execs.[reference_type],
execs.[environment_folder_name],
execs.[environment_name],
execs.[project_lsn],
execs.[executed_as_sid],
execs.[executed_as_name],
execs.[use32bitruntime],
opers.[operation_type],
opers.[created_time],
opers.[object_type],
opers.[object_id],
opers.[status],
opers.[start_time],
opers.[end_time],
opers.[caller_sid],
opers.[caller_name],
opers.[process_id],
opers.[stopped_by_sid],
opers.[stopped_by_name],
opers.[operation_guid] AS [dump_id],
opers.[server_name],
opers.[machine_name],
ossysinfos.[total_physical_memory_kb],
ossysinfos.[available_physical_memory_kb],
ossysinfos.[total_page_file_kb],
ossysinfos.[available_page_file_kb],
ossysinfos.[cpu_count]
FROM [internal].[executions] execs INNER JOIN [internal].[operations] opers
ON execs.[execution_id]= opers.[operation_id]
LEFT JOIN [internal].[operation_os_sys_info] ossysinfos
ON ossysinfos.[operation_id]= execs.[execution_id]
WHERE opers.[operation_id] IN (SELECT id FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
--------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[extended_operation_info] Script Date: 10/5/2016 8:27:45 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[extended_operation_info]
AS
SELECT [info_id],
[operation_id],
[object_name],
[object_type],
[reference_id],
[status],
[start_time],
[end_time]
FROM [internal].[extended_operation_info]
WHERE [operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
--------------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[operation_messages] Script Date: 10/5/2016 8:29:30 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[operation_messages]
AS
SELECT [operation_message_id],
[operation_id],
[message_time],
[message_type],
[message_source_type],
[message],
[extended_info_id]
FROM [internal].[operation_messages]
WHERE [operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
-------------------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[operations] Script Date: 10/5/2016 8:29:55 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[operations]
AS
SELECT [operation_id],
[operation_type],
[created_time],
[object_type],
[object_id],
[object_name],
[status],
[start_time],
[end_time],
[caller_sid],
[caller_name],
[process_id],
[stopped_by_sid],
[stopped_by_name],
[server_name],
[machine_name]
FROM internal.[operations]
WHERE [operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
----------------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[packages] Script Date: 10/5/2016 8:31:07 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[packages]
AS
SELECT pkgs.[package_id],
pkgs.[name],
pkgs.[package_guid],
pkgs.[description],
pkgs.[package_format_version],
pkgs.[version_major],
pkgs.[version_minor],
pkgs.[version_build],
pkgs.[version_comments],
pkgs.[version_guid],
pkgs.[project_id],
pkgs.[entry_point],
pkgs.[validation_status],
pkgs.[last_validation_time]
FROM [internal].[packages] pkgs INNER JOIN [internal].[projects] proj ON
(pkgs.[project_version_lsn] = proj.[object_version_lsn]
AND pkgs.[project_id] = proj.[project_id]) INNER JOIN
[internal].[object_versions] vers ON ( vers.[object_type] =20 AND
vers.[object_id] = proj.[project_id]
AND vers.[object_version_lsn] = proj.[object_version_lsn])
WHERE pkgs.[project_id] IN (SELECT [id] FROM [internal].[current_user_readable_projects])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
-------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[projects] Script Date: 10/5/2016 8:31:31 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[projects]
AS
SELECT proj.[project_id],
[internal].[folders].[folder_id],
proj.[name],
proj.[description],
proj.[project_format_version],
proj.[deployed_by_sid],
proj.[deployed_by_name],
proj.[last_deployed_time],
proj.[created_time],
proj.[object_version_lsn],
proj.[validation_status],
proj.[last_validation_time]
FROM [internal].[object_versions] ver INNER JOIN
[internal].[projects] proj ON (ver.[object_id] = proj.[project_id]
AND ver.[object_version_lsn] = proj.[object_version_lsn]) INNER JOIN
[internal].[folders] ON proj.[folder_id] = [internal].[folders].[folder_id]
WHERE (ver.[object_status] = 'C')
AND (ver.[object_type]= 20)
AND (
proj.[project_id] IN (SELECT [id] FROM [internal].[current_user_readable_projects])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
)
GO
-------------------------------------------------------------------------------------------------------------------
USE [SSISDB]
GO
/****** Object: View [catalog].[validations] Script Date: 10/5/2016 8:31:54 AM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER VIEW [catalog].[validations]
AS
SELECT vals.[validation_id],
vals.[environment_scope],
vals.[validate_type],
vals.[folder_name],
vals.[project_name],
vals.[project_lsn],
vals.[use32bitruntime],
vals.[reference_id],
opers.[operation_type],
opers.[object_name],
opers.[object_type],
opers.[object_id],
opers.[start_time],
opers.[end_time],
opers.[status],
opers.[caller_sid],
opers.[caller_name],
opers.[process_id],
opers.[stopped_by_sid],
opers.[stopped_by_name],
opers.[operation_guid] AS [dump_id],
opers.[server_name],
opers.[machine_name]
FROM [internal].[validations] vals INNER JOIN [internal].[operations] opers
ON vals.[validation_id] = opers.[operation_id]
WHERE opers.[operation_id] IN (SELECT [id] FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)
OR (IS_MEMBER('ssis_logreader') = 1)
GO
-------------------------------------------------------------------------------------------------------------------J'ai eu le même problème. Après avoir examiné la requête soulignée en mettant l'accent sur la clause where.
WHERE opmsg.[operation_id] in (SELECT [id] FROM [internal]. [current_user_readable_operations])
OR (IS_MEMBER('ssis_admin') = 1)
OR (IS_SRVROLEMEMBER('sysadmin') = 1)Lorsque la requête vérifie l'appartenance au rôle ssis_admin. J'ai décidé d'accorder mon rôle report_reader au rôle de base de données ssis_admin.
L'exécution de la requête autonome m'a donné une erreur d'autorisation de sélection. J'ai donc accordé au rôle et aux schémas internes des autorisations de sélection de rôle.
GRANT SELECT ON SCHEMA::[catalog] TO ssis_admin;
GRANT SELECT ON SCHEMA::[internal] TO ssis_admin;J'espère que cela aide quelqu'un.
Sur SQL Server 2014
Il semble y avoir une solution plus simple.
Vous avez terminé.
Remarque: J'ai testé cela sur SQL Server 2014 et cela fonctionne. Je suis sûr que cela fonctionnera à partir de 2012.
Cela a résolu mon problème. J'ai reçu le correctif de Petemill66, donc merci
utiliser SSISDB
GRANT SELECT SUR SCHEMA :: [catalogue] TO ssis_admin;
GRANT SELECT SUR SCHEMA :: [internal] TO ssis_admin;
Mise à jour GRANT SUR SCHEMA :: [catalogue] TO ssis_admin;
Mise à jour GRANT SUR SCHEMA :: [interne] TO ssis_admin;