{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 成全新的幸福 的问题《Execute SSIS package from stored procedure as prox》','https://www.manongdao.com/q-1363775.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to run an SSIS package through a stored procedure, but I am getting an Access is denied error when I try to import a CSV.
I put the package inside a job and ran it and it worked as long as I used a proxy account. I am trying to replicate that proxy account to the stored procedure call without using xp_cmdshell. I also ran this package inside Visual Studio and it ran smoothly.
My SSIS package is simple: It imports a CSV file from the network, converts the data to varchar, and stores the data into a table.
Even my sysadmin was not able to successfully run the stored procedure.
My stored procedure looks like this:
ALTER PROCEDURE [dbo].[spImportFile]
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
DECLARE @execution_id bigint
EXEC SSISDB.CATALOG.create_execution
@folder_name = 'folder_name',
@project_name = 'project_name',
@package_name = 'package_name.dtsx',
@use32bitruntime = 1,
@execution_id = @execution_id output
EXEC SSISDB.CATALOG.start_execution @execution_id
END
My question is, how can I programmatically use a proxy user inside this stored procedure without using xp_cmdshell?
UPDATE:
I am now trying to impersonate my proxy user thanks to billinkc, but now I am running into this error when I execute the SSIS package:
The current security context cannot be reverted. Please switch to the original database where 'Execute As' was called and try it again.
Here is my altered code:
ALTER PROCEDURE [dbo].[spImportFile]
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
EXECUTE AS LOGIN = 'domain\credentials'
DECLARE @execution_id bigint
EXEC SSISDB.CATALOG.create_execution
@folder_name = 'folder_name',
@project_name = 'project_name',
@package_name = 'package_name.dtsx',
@use32bitruntime = 1,
@execution_id = @execution_id output
EXEC SSISDB.CATALOG.start_execution @execution_id -- <<<< ERROR HERE!
REVERT
END
I successfully tested EXECUTE AS LOGIN and REVERT without start_execution by looking into a system table I wouldn't usually have access to.
I have come into a realization that since I am going to impersonate a user and that I am encouraged to use a job, it will be much easier to make a job to run this SSIS package on the server with a proxy account.
Here is my solution that includes running a job:
This job code was based on this question, "Executing SQL Server Agent Job from a stored procedure and returning job result"
Findings:
I have learned that you need to
GRANT IMPERSONATE ON LOGIN::[domain\ProxyUser] to [domain\credentials]from this MSDN source.ALTER DATABASE database_name SET TRUSTWORTHY ONis another setting thesysadminneeded to implement and this MSDN source helps explain the usage.Remarks:
This solution is based on the fact that I am the
dboof the database and I had asysadmingrant impersonation of the proxy account to my windows security group. I am using Windows authentication as well.I have updated the question to not restrict the use of jobs for anyone that initially was working on this question. If there is a solution that doesn't require jobs, I will be more than happy to take a look and even change the accepted solution on this question.
I've never tried it against a set of credentials, but you could look at EXECUTE AS