Channel: SQL Server Security forum
Viewing all 3042 articles

Service Account Password about to Expire: what areas do I need to update with the new password?


My service account password is about to expire in a week and I have been asked to list all the jobs, services, servers and other areas where the service account credentials are used, so that we are prepared to update the password in all required areas well in time without running into any issues.

I was able to get the service details from SQL Server Configuration Manager.

So can someone help me list all jobs (SQL Agent and SSIS) and any other services that could use the service account?

Thanks 
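As an added example (not part of the post or any reply), the query below inventories the places inside one SQL Server instance where a Windows account shows up: the Windows services it logs on as, a matching login, credentials that store its password, Agent proxies and the job steps using them, jobs and databases it owns, and linked-server mappings that present its name to a remote server. The account name `CONTOSO\svc_sql` is an assumption; replace it. It needs VIEW SERVER STATE and read access to msdb, and `sys.dm_server_services` exists from SQL Server 2008 R2 SP1 onward.

```sql
-- Added example: where does a service account appear inside this instance?
-- Assumed account name; replace with your own.
DECLARE @acct sysname = N'CONTOSO\svc_sql';

-- 1. Windows services of this instance that log on with the account.
SELECT 'service' AS area, servicename AS name, service_account AS detail
FROM sys.dm_server_services
WHERE service_account = @acct

UNION ALL
-- 2. The server login itself (jobs, databases and permissions hang off it).
SELECT 'login', name, CONVERT(nvarchar(100), create_date)
FROM sys.server_principals
WHERE name = @acct

UNION ALL
-- 3. Credentials that store the account's password (proxies, backups to UNC paths, etc.)
--    have to be updated with ALTER CREDENTIAL after the rotation.
SELECT 'credential', name, credential_identity
FROM sys.credentials
WHERE credential_identity = @acct

UNION ALL
-- 4. SQL Agent proxies built on those credentials, and the job steps that use them.
SELECT 'agent proxy', p.name, j.name + N' / step ' + CONVERT(nvarchar(10), s.step_id)
FROM msdb.dbo.sysproxies AS p
JOIN sys.credentials      AS c ON c.credential_id = p.credential_id
JOIN msdb.dbo.sysjobsteps AS s ON s.proxy_id = p.proxy_id
JOIN msdb.dbo.sysjobs     AS j ON j.job_id = s.job_id
WHERE c.credential_identity = @acct

UNION ALL
-- 5. Jobs owned by the account (T-SQL steps run under the owner when it is not a sysadmin).
SELECT 'job owner', name, NULL
FROM msdb.dbo.sysjobs
WHERE SUSER_SNAME(owner_sid) = @acct

UNION ALL
-- 6. Linked-server login mappings that present the account's name to a remote server.
SELECT 'linked server mapping', s.name, ll.remote_name
FROM sys.linked_logins AS ll
JOIN sys.servers       AS s ON s.server_id = ll.server_id
WHERE ll.remote_name = @acct

UNION ALL
-- 7. Databases owned by the account.
SELECT 'database owner', name, NULL
FROM sys.databases
WHERE SUSER_SNAME(owner_sid) = @acct;
```

The query only sees what lives inside the instance. Anything that holds the password outside it, such as SSIS packages on the file system, Windows scheduled tasks, application connection strings or other servers that connect with the same account, has to be inventoried separately, and a Windows login that merely exists in `sys.server_principals` does not store a password at all, so it needs no change.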


SQL Server Audit FILEPATH On Network Device


Hello,

As we know, we can back up databases to a network device. Is there any way we can write SQL Server Audit files to a network device?

Regards,

Taoqir

Permission to grant login access on just the linked server it created


Hello,

Is there a way to allow a login to create linked servers (using T-SQL) while not having access to other linked servers created by other logins?

ALTER ANY LINKED SERVER will allow a login to create linked servers, but it will also allow that same login to alter every linked server on that SQL Server, even those it didn't create.

Restricted Backup role


Hi all

I am new to MSSQL, so please be patient if my question sounds trivial :-)

We have an instance of MSSQL for development, and people normally do frequent backups/restores of databases (i.e. for upgrades of customers' production DBs, restores of production databases, etc.) via the "sa" login. Note that we don't have a dedicated DBA and we would like to avoid dedicating a resource only to these trivial tasks.

Now we would like to tighten the security policy, for example:

  • Remove DBA permissions to all users
  • Grant all users a specific role to backup/restore databases ONLY remotely (i.e. to/from \\192.168.xxx.xxx\mySharedFolder)
  • Restore only to the database where user is dbOwner

Would this be possible just by using security restrictions (not with stored procedures)? How?

I had a quick look at the media set configuration, but I couldn't figure out how to restrict backups to remote locations only, and db_backupoperator doesn't seem to be configurable. Also the CREATE DATABASE permission is way too strong, as we don't want a user to be able to restore to any database, but only to his own.

Thank you!
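As an added example (not part of the post or any reply), this is the permission-only part of what is asked: backup rights for a login without sa, and restore rights over one existing database without dbcreator or CREATE DATABASE, which works because RESTORE over an existing database is allowed to that database's owner. Login names `DEV\backup_ops` and `DEV\alice` and the database `CustomerDb_alice` are assumptions.

```sql
-- Added example: backup-only role membership, and restore over one database via ownership.
USE master;
GO
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'DEV\backup_ops')
    CREATE LOGIN [DEV\backup_ops] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'DEV\alice')
    CREATE LOGIN [DEV\alice] FROM WINDOWS;
GO
-- Restore: over an existing database, RESTORE is allowed to the owner (besides
-- sysadmin/dbcreator). Making the developer the owner of *their* database lets them
-- restore into it, and only it. The owner is dbo inside that database, so this is
-- only appropriate for a per-developer database. Fails if the login already has a
-- user in the database under another name; drop that user first.
ALTER AUTHORIZATION ON DATABASE::[CustomerDb_alice] TO [DEV\alice];
GO
-- Backup only: db_backupoperator grants BACKUP DATABASE, BACKUP LOG and CHECKPOINT in
-- this database and nothing else. Repeat in each database that may be backed up.
USE [CustomerDb_alice];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'DEV\backup_ops')
    CREATE USER [DEV\backup_ops] FOR LOGIN [DEV\backup_ops];
ALTER ROLE db_backupoperator ADD MEMBER [DEV\backup_ops];
GO
-- Verify from each identity: the operator can back up but has no CONTROL; the owner has
-- CONTROL of this database but is not a dbcreator, so cannot restore into other databases.
EXECUTE AS LOGIN = N'DEV\backup_ops';
SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'BACKUP DATABASE') AS can_backup,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CONTROL')         AS has_control;
REVERT;
EXECUTE AS LOGIN = N'DEV\alice';
SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CONTROL') AS has_control,
       IS_SRVROLEMEMBER('dbcreator')                        AS is_dbcreator;
REVERT;
```

The "remote location only" requirement is not expressible as a permission: BACKUP DATABASE writes to whatever path the caller names, and the file is written by the SQL Server service process under the service account's Windows identity. The effective control is therefore the file-system side: give the service account write access only on the intended share, and nothing writable on local disks beyond the data and log directories. Keep in mind that db_backupoperator lets a member copy the whole database to any path the service account can reach, which is an exfiltration path in its own right.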

ALTER ANY LINKED SERVER and server security vulnerability


Hello,

What is the maximum harm a login with the "ALTER ANY LINKED SERVER" permission can do?

Can that login have any access to the data of linked servers other than the ones it creates?
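As an added example (not part of either linked-server post or any reply), the script below shows what the permission actually reaches. It is server-scoped: there is no GRANT on an individual linked server, so it cannot be narrowed to "only the ones this login created", and a holder can change options on, or drop, any linked server on the instance (`sp_serveroption` and `sp_dropserver` are gated by it). The login name `app_integrator`, its placeholder password and the linked server name `FINANCE_DW` are assumptions.

```sql
-- Added example: scope of ALTER ANY LINKED SERVER and an inventory of what it can touch.
USE master;
GO
CREATE LOGIN [app_integrator] WITH PASSWORD = N'<strong password>', CHECK_POLICY = ON;
GRANT ALTER ANY LINKED SERVER TO [app_integrator];
GO
-- 1. Inventory (run as sysadmin): every linked server and every login mapping. The
--    remote_name / uses_self_credential columns decide which identity is presented to
--    the remote server, and therefore what data a local caller can read through it.
SELECT s.name AS linked_server, s.product, s.provider, s.data_source,
       s.is_data_access_enabled, s.is_rpc_out_enabled,
       CASE WHEN ll.local_principal_id = 0 THEN N'(all logins)' ELSE sp.name END AS local_login,
       ll.uses_self_credential, ll.remote_name
FROM sys.servers AS s
LEFT JOIN sys.linked_logins     AS ll ON ll.server_id = s.server_id
LEFT JOIN sys.server_principals AS sp ON sp.principal_id = ll.local_principal_id
WHERE s.is_linked = 1
ORDER BY s.name, local_login;
GO
-- 2. The permission is held for the whole instance or not at all.
EXECUTE AS LOGIN = N'app_integrator';
SELECT permission_name
FROM fn_my_permissions(NULL, 'SERVER')
WHERE permission_name = N'ALTER ANY LINKED SERVER';

-- 3. Consequently the same login can reconfigure a linked server somebody else created,
--    here turning on remote procedure calls.
IF EXISTS (SELECT 1 FROM sys.servers WHERE name = N'FINANCE_DW' AND is_linked = 1)
    EXEC sp_serveroption @server = N'FINANCE_DW', @optname = N'rpc out', @optvalue = N'true';
REVERT;
```

Reading data through a linked server is not governed by this permission at all: any local login that a mapping covers (in particular a default mapping, `local_principal_id = 0`, to a fixed remote login) can run four-part-name queries, and the remote server decides what that remote identity may see. The inventory above lists exactly those mappings; changing them with `sp_addlinkedsrvlogin` is gated by the separate ALTER ANY LOGIN permission.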

Not able to connect SQL Server

After applying Windows patches we were not able to connect to SQL Server. We were able to connect after dropping and recreating the SQL service account. What is the cause of this?

Implementing Row level security using SQL server 2016


Hi All,

We are trying to do a POC of the row-level security feature in SQL Server 2016 as an alternative to customized views.

There is one view "Customers_USA" which contains information on customers from the USA region (there is a column named "REGION" in the view which identifies the region of the customer).

So is it possible to use row-level security to restrict access to that view, meaning that if a user (suppose a SQL login) executes a "select *" statement on the view, he/she should be able to see/access the customers in the USA region only?

So is it possible to implement this using RLS in SQL 2016?
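As an added example (not part of the post or any reply), this is a complete RLS setup for the scenario: a filter predicate on the base table keyed on the caller's database user, so `SELECT *` through any view over that table returns only the caller's region. RLS is defined on tables, not views; the view inherits it. The database `SalesDb`, table `dbo.Customers`, the `Security` schema objects, the sample rows and the users `usa_reader` / `emea_reader` are all constructed for the example.

```sql
-- Added example: row-level security on dbo.Customers, enforced through a view.
USE [SalesDb];   -- assumed database
GO
CREATE TABLE dbo.Customers
(
    CustomerId int IDENTITY(1,1) PRIMARY KEY,
    Name       nvarchar(100) NOT NULL,
    REGION     varchar(10)   NOT NULL
);
-- Constructed sample rows.
INSERT INTO dbo.Customers (Name, REGION)
VALUES (N'Contoso Ltd', 'USA'), (N'Fabrikam Inc', 'USA'), (N'Adatum GmbH', 'EMEA');
GO
-- Predicate function, policy and the user->region mapping live in their own schema,
-- on which the readers get no permissions at all.
CREATE SCHEMA Security;
GO
CREATE TABLE Security.RegionAccess
(
    UserName sysname     NOT NULL,
    REGION   varchar(10) NOT NULL,
    CONSTRAINT PK_RegionAccess PRIMARY KEY (UserName, REGION)
);
INSERT INTO Security.RegionAccess (UserName, REGION)
VALUES (N'usa_reader', 'USA'), (N'emea_reader', 'EMEA');
GO
-- Inline TVF: returns a row when the caller's database user may see the row's region.
-- Same owner (dbo) as the mapping table, so ownership chaining covers the lookup.
CREATE FUNCTION Security.fn_RegionPredicate (@REGION varchar(10))
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
           FROM Security.RegionAccess AS ra
           WHERE ra.REGION = @REGION
             AND ra.UserName = USER_NAME();
GO
-- FILTER hides rows from SELECT/UPDATE/DELETE; BLOCK ... AFTER INSERT also stops a user
-- from inserting rows into a region they cannot see.
CREATE SECURITY POLICY Security.CustomerRegionPolicy
    ADD FILTER PREDICATE Security.fn_RegionPredicate(REGION) ON dbo.Customers,
    ADD BLOCK  PREDICATE Security.fn_RegionPredicate(REGION) ON dbo.Customers AFTER INSERT
WITH (STATE = ON);
GO
-- A plain view over the table inherits the policy, so one view serves every region.
CREATE VIEW dbo.Customers_USA AS
    SELECT CustomerId, Name, REGION FROM dbo.Customers;
GO
-- WITHOUT LOGIN keeps the demo self-contained; map real SQL logins with FOR LOGIN.
CREATE USER usa_reader  WITHOUT LOGIN;
CREATE USER emea_reader WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers_USA TO usa_reader, emea_reader;
GO
EXECUTE AS USER = N'usa_reader';
SELECT * FROM dbo.Customers_USA;    -- filtered to the regions mapped to usa_reader
REVERT;
EXECUTE AS USER = N'emea_reader';
SELECT * FROM dbo.Customers_USA;    -- filtered to the regions mapped to emea_reader
REVERT;
```

Two caveats a practitioner would check before replacing per-region views with this: the policy follows the table, so every path to the data (views, procedures, ad-hoc queries, other applications) is filtered the same way, which is the point, but a user with ALTER ANY SECURITY POLICY or ALTER on the table can turn it off; and the documentation warns that RLS filters rows but does not close side channels, for example a query crafted to raise a conversion or divide-by-zero error on a hidden row. Keep reader accounts away from the `Security` schema and from DDL on the table.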

Schema View and Store Procedure View Role for all DB's


Hi,

We have more than 100 databases in SQL Server and each database has different schemas.
Is there any way to give view (read) permission on specific schemas for all databases at once? I mean, instead of going into each database, creating one user/role and selecting specific schemas, I want one particular user created in all databases, and I want this user to have access only to selected schemas in those databases.
Thanks,

DBA
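As an added example (not part of the post or any reply), the script below makes one pass over every online user database, creates a database user for an existing login where it is missing, and grants SELECT on a fixed list of schemas, skipping schemas a database does not have. The login `CORP\report_reader` (assumed to exist already at the server level) and the schema list `dbo`, `sales` are assumptions; run it as sysadmin.

```sql
-- Added example: one user in every database, SELECT on selected schemas only.
DECLARE @login sysname = N'CORP\report_reader';
DECLARE @schemas TABLE (name sysname NOT NULL PRIMARY KEY);
INSERT INTO @schemas (name) VALUES (N'dbo'), (N'sales');

DECLARE @db sysname, @schema sysname, @sql nvarchar(max);
DECLARE @qlogin nvarchar(300) = QUOTENAME(@login);                 -- identifier form: [CORP\report_reader]
DECLARE @slogin nvarchar(300) = N'N' + QUOTENAME(@login, '''');    -- literal form:    N'CORP\report_reader'

DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE database_id > 4                      -- skip master, tempdb, model, msdb
      AND state_desc = N'ONLINE' AND is_read_only = 0;
OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Resolve the login by SID: it may already be mapped under another user name, in
    -- which case CREATE USER would fail (error 15063) and grants to the login name
    -- would go to nobody. Such databases are reported and left alone.
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
DECLARE @u sysname = (SELECT name FROM sys.database_principals WHERE sid = SUSER_SID(' + @slogin + N'));
IF @u IS NULL BEGIN CREATE USER ' + @qlogin + N' FOR LOGIN ' + @qlogin + N'; SET @u = ' + @slogin + N'; END
IF @u <> ' + @slogin + N'
    PRINT N''skipped '' + DB_NAME() + N'': login already mapped to user '' + @u;
ELSE BEGIN';

    DECLARE sch CURSOR LOCAL FAST_FORWARD FOR SELECT name FROM @schemas;
    OPEN sch;
    FETCH NEXT FROM sch INTO @schema;
    WHILE @@FETCH_STATUS = 0
    BEGIN
        -- QUOTENAME on every name keeps an odd database or schema name from injecting T-SQL.
        SET @sql += N'
    IF SCHEMA_ID(N' + QUOTENAME(@schema, '''') + N') IS NOT NULL
        GRANT SELECT ON SCHEMA::' + QUOTENAME(@schema) + N' TO ' + @qlogin + N';';
        FETCH NEXT FROM sch INTO @schema;
    END
    CLOSE sch; DEALLOCATE sch;

    SET @sql += N'
END';
    PRINT @sql;                                -- keeps a record of what was applied
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs; DEALLOCATE dbs;
```

Schema-level SELECT covers every current and future table and view in that schema and nothing outside it, which is the least-privilege shape asked for. Databases created after the run are not covered; re-run the script (it is idempotent) or add the same statements to the provisioning of new databases.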


SQL Server Express 2016 not accessible through firewall (but is configured)


Hi,

I am migrating from Windows 2008 R2 with SQL Express to Windows Server 2016 with SQL Express 2016. Everything works fine when I disable the firewall on the Windows Server 2016. But if I enable the firewall, the clients cannot connect to the database any more.

I have allowed port 1433 TCP in and out and port 1434 UDP in and out in all profiles (domain, private, public).

Any idea what could be missing? Any changes on 2016 versions?

SQL Server 2016: Server role / permissions for "ALTER DATABASE SCOPED CONFIGURATION"


Hi, I'm using sqlpackage.exe with a dacpac file to deploy to a SQL Server.

I have a user with just the "dbcreator" role. With 2014 there was no issue. When I try to deploy to 2016 it fails, saying that the user does not have sufficient rights to execute "ALTER DATABASE SCOPED CONFIGURATION ...".

  1. Is the idea behind this new setting that I need a user with sysadmin rights?
  2. If not, what is the minimum that I need?
  3. Is there a way to exclude this setting for SQL 2016 when using sqlpackage?

Thanks!
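As an added example (not part of the post or any reply), the statement sqlpackage emits is gated by a database-level permission, ALTER ANY DATABASE SCOPED CONFIGURATION, which a principal with CONTROL on the database (its owner or a sysadmin) can grant; that is the minimum to add, not sysadmin. The login `deploy_svc` and database `AppDb` are assumptions.

```sql
-- Added example: grant the one permission ALTER DATABASE SCOPED CONFIGURATION needs,
-- then verify it from the deploying identity before handing the pipeline back.
USE [AppDb];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'deploy_svc')
    CREATE USER [deploy_svc] FOR LOGIN [deploy_svc];
GO
GRANT ALTER ANY DATABASE SCOPED CONFIGURATION TO [deploy_svc];
GO
EXECUTE AS USER = N'deploy_svc';
SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'ALTER ANY DATABASE SCOPED CONFIGURATION') AS can_alter_scoped_config;
-- The kind of statement the dacpac deployment runs, now permitted for this user.
ALTER DATABASE SCOPED CONFIGURATION SET MAXDOP = 0;
REVERT;
```

The permission is per database, so it has to be granted in each target database. A dbcreator member that creates a database becomes its owner and already has CONTROL there, which is consistent with the failure appearing only when deploying into a database the account did not create; that reading of the symptom is an assumption to confirm against the actual target.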

Does NT Service\MSSQLSERVER user have a password? How to "switch back" to it for a SQL Service, without knowing password?


Hi,

For SQL Server 2012, I have a SQL Server service running as NT Service\MSSQLSERVER, as shown below:

From looking around at other posts, it looks like this is not a "real" Windows account that I could log in as, but it's a service account.

I'd like to try running the default SQL Server service as a Windows domain account. However, I notice in the screenshot above that the NT Service\MSSQLSERVER user has a "password" in the password field, and I don't know what that value is.

If I try using a Windows domain account to run this service, and then decide I want to go back to using NT Service\MSSQLSERVER, am I going to be able to do that without knowing the password for that user? Does it even *have* a password? I'm concerned because if I type NT Service\MSSQLSERVER in the Account Name box, the password field becomes blank.

In other words, everything works right now. But I'm afraid that if I change the user for the SQL service, I won't be able to change it back.


Auditing on a group (Group has only sysadmin users)


Hi Folks

I have configured auditing to capture the events (DML + DDL) performed by sysadmin users on my SQL Server 2008.

I enabled auditing at the server level for DDL activities. The audit action types I configured are DATABASE_OBJECT_CHANGE_GROUP and SCHEMA_OBJECT_CHANGE_GROUP. Now I am not able to select a particular "Principal Name" to capture events for a group. When I click on the browse button nothing is displayed.

Similarly, I have enabled auditing at the database level to capture DML events for the group user. But the DML events are not being captured for this group (the group has all the sysadmin users).

My queries are below:

How can I configure a server-level audit for DDL events for a particular group (the group has all the sysadmin logins)?

Is it possible to capture DML at the database level for a group user?

Please clarify my queries.

Thank you so much for any thoughts you can provide...

Regards

Sureddy
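As an added example (not part of the audit-file post, the group-audit post or any reply), the script below puts the pieces of both questions together: one server audit whose files go to a UNC path, a server audit specification with DDL action groups, and a database audit specification whose DML actions are scoped to a Windows group. Two facts drive the shape: action groups in a server audit specification apply to every principal and cannot be narrowed to one (from SQL Server 2012 the audit's own WHERE predicate can filter on `server_principal_name`; 2008 has no filter, so filter when reading), and the BY clause of a database audit specification needs a database principal, so the group must first be a user in that database. The share `\\auditsrv\sqlaudit\`, the group `CORP\SQLAdmins` (assumed to exist as a login) and the database `AppDb` are assumptions; the SQL Server service account needs write access on the share.

```sql
-- Added example: server audit to a UNC path, DDL action groups, DML scoped to a group.
USE master;
GO
CREATE SERVER AUDIT [Audit_Admins]
TO FILE
(
    FILEPATH = N'\\auditsrv\sqlaudit\',     -- UNC paths are accepted; the service account writes the files
    MAXSIZE = 256 MB,
    MAX_ROLLOVER_FILES = 100,
    RESERVE_DISK_SPACE = OFF
)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);   -- SHUTDOWN if losing the trail is unacceptable
GO
-- Server level: action groups, not scopable to a principal.
CREATE SERVER AUDIT SPECIFICATION [AuditSpec_DDL]
FOR SERVER AUDIT [Audit_Admins]
    ADD (DATABASE_OBJECT_CHANGE_GROUP),
    ADD (SCHEMA_OBJECT_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP)
WITH (STATE = ON);
GO
USE [AppDb];
GO
-- The group must exist as a database principal before it can be named in BY.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CORP\SQLAdmins')
    CREATE USER [CORP\SQLAdmins] FOR LOGIN [CORP\SQLAdmins];
GO
CREATE DATABASE AUDIT SPECIFICATION [AuditSpec_DML_Admins]
FOR SERVER AUDIT [Audit_Admins]
    ADD (SELECT, INSERT, UPDATE, DELETE ON DATABASE::[AppDb] BY [CORP\SQLAdmins])
WITH (STATE = ON);
GO
USE master;
GO
ALTER SERVER AUDIT [Audit_Admins] WITH (STATE = ON);
GO
-- Read the trail back; every file under the share is merged. On versions without an
-- audit predicate, this is where the principal filter goes.
SELECT event_time, action_id, server_principal_name, database_name, object_name, statement
FROM sys.fn_get_audit_file(N'\\auditsrv\sqlaudit\*', DEFAULT, DEFAULT)
WHERE server_principal_name LIKE N'CORP\%'
ORDER BY event_time DESC;
```

Two caveats for the sysadmin case specifically. Members of sysadmin are dbo inside every database, so whether a database-level action scoped BY the group's user matches their sessions should be tested rather than assumed; auditing `BY public` (everyone) and filtering on `server_principal_name` when reading is the safer baseline. And database audit specifications are an Enterprise feature on SQL Server 2008 through 2012; they became available in all editions with SQL Server 2016 SP1.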

SQL Server telemetry_xevents hits server audit log with ALTER SESSION events rapidly


Hi,

We are facing an issue: our server audit log is being hit with the events below unexpectedly, around 20000 per day. The only change we made on our server was adding a columnstore index, and we cannot delete or stop telemetry_xevents; the server creates and starts it automatically and it starts logging these events. Please help us resolve this issue.

Our audit spec contains:

(DATABASE_ROLE_MEMBER_CHANGE_GROUP),
(FAILED_DATABASE_AUTHENTICATION_GROUP),
(DATABASE_OBJECT_PERMISSION_CHANGE_GROUP),
(SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP),
(SERVER_OBJECT_PERMISSION_CHANGE_GROUP),
(SERVER_PERMISSION_CHANGE_GROUP),
(DATABASE_CHANGE_GROUP),
(SERVER_OBJECT_CHANGE_GROUP),
(DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP),
(SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP),
(SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP)

Audit log taken from sys.fn_get_audit_file:


object_name                    statement
telemetry_xevents    drop event session telemetry_xevents on server    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[error_reported]  (  WHERE severity >= 16 or (error_number = 18456     or error_number = 17803 or error_number = 701 or error_number = 802 or error_number = 8645 or error_number = 8651      or error_number = 8657 or error_number = 8902 or error_number = 41354 or error_number = 41355 or error_number = 41367      or error_number = 41384 or error_number = 41336 or error_number = 41309 or error_number = 41312 or error_number = 41313)  )    
    create event session telemetry_xevents on server  ADD EVENT [sqlserver].[server_start_stop]  add target package0.ring_buffer  (set occurrence_number = 100)  with  (      MAX_DISPATCH_LATENCY = 120 SECONDS,      MAX_MEMORY = 4 MB,      startup_state = on  )    

telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[missing_column_statistics]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[missing_join_predicate]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[server_memory_change]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_database_disable_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_database_enable_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_database_reauthorize_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_index_reconciliation_codegen_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_remote_column_execution_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_remote_column_reconciliation_codegen_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_remote_index_execution_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_codegen_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_alter_ddl]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_create_ddl]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_predicate_not_specified]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_predicate_specified]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_remote_creation_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_row_migration_results_event]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_row_unmigration_results_event]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_data_reconciliation_results_event]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_unprovision_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_validation_error]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_hinted_admin_update_event]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_hinted_admin_delete_event]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_query_error]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[temporal_ddl_system_versioning]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[temporal_dml_transaction_fail]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[temporal_ddl_period_add]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[temporal_ddl_period_drop]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[temporal_ddl_schema_check_fail]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[data_masking_ddl_column_definition]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[data_masking_traffic]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[data_masking_traffic_masked_only]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[always_encrypted_query_count]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[rls_query_count]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[auto_stats]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[database_cmptlevel_change]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[database_created]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[database_dropped]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[reason_many_foreign_keys_operator_not_used]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[column_store_index_build_low_memory]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[column_store_index_build_throttle]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[columnstore_delete_buffer_flush_failed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[columnstore_delta_rowgroup_closed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[columnstore_index_reorg_failed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[columnstore_log_exception]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[columnstore_rowgroup_merge_failed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[columnstore_tuple_mover_delete_buffer_truncate_timed_out]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[columnstore_tuple_mover_end_compress]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[query_memory_grant_blocking]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[natively_compiled_module_inefficiency_detected]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[natively_compiled_proc_slow_parameter_passing]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[xtp_alter_table]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[xtp_db_delete_only_mode_updatedhktrimlsn]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[xtp_stgif_container_added]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[xtp_stgif_container_deleted]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [xtpcompile].[cl_duration]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [xtpengine].[xtp_physical_db_restarted]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [xtpengine].[xtp_db_delete_only_mode_enter]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [xtpengine].[xtp_db_delete_only_mode_update]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [xtpengine].[xtp_db_delete_only_mode_exit]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [xtpengine].[parallel_alter_stats]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [xtpengine].[serial_alter_stats]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[json_function_compiled]  (  ACTION ([database_id])  )    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[string_escape_compiled]  (  ACTION ([database_id])  )    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[window_function_used]  (  ACTION ([database_id])  )    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[sequence_function_used]  (  ACTION ([database_id])  )    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [qds].[query_store_db_diagnostics]      
telemetry_xevents    alter event session telemetry_xevents on server state=start  
telemetry_xevents    drop event session telemetry_xevents on server    
telemetry_xevents    drop event session telemetry_xevents on server    
    create event session telemetry_xevents on server  ADD EVENT [sqlserver].[server_start_stop]  add target package0.ring_buffer  (set occurrence_number = 100)  with  (      MAX_DISPATCH_LATENCY = 120 SECONDS,      MAX_MEMORY = 4 MB,      startup_state = on  )    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[error_reported]  (  WHERE severity >= 16 or (error_number = 18456     or error_number = 17803 or error_number = 701 or error_number = 802 or error_number = 8645 or error_number = 8651      or error_number = 8657 or error_number = 8902 or error_number = 41354 or error_number = 41355 or error_number = 41367      or error_number = 41384 or error_number = 41336 or error_number = 41309 or error_number = 41312 or error_number = 41313)  )    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[missing_column_statistics]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[missing_join_predicate]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[server_memory_change]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_database_disable_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_database_enable_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_database_reauthorize_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_index_reconciliation_codegen_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_remote_column_execution_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_remote_column_reconciliation_codegen_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_remote_index_execution_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_codegen_completed]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_alter_ddl]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_create_ddl]    
telemetry_xevents    ALTER EVENT SESSION [telemetry_xevents] ON SERVER  ADD EVENT [sqlserver].[stretch_table_predicate_not_specified]   
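As an added example (not part of the post or any reply), the way to keep SERVER_OBJECT_CHANGE_GROUP in the audit but stop recording the engine's own telemetry session DDL is a predicate on the server audit, which filters before the event is written. Audit predicates require SQL Server 2012 or later, the audit has to be stopped while it is altered, and `WHERE` replaces any predicate already there. The audit name `Audit_Security` and the file path used to measure the noise are assumptions.

```sql
-- Added example: filter the telemetry_xevents session DDL out of an existing server audit.
USE master;
GO
ALTER SERVER AUDIT [Audit_Security] WITH (STATE = OFF);
GO
ALTER SERVER AUDIT [Audit_Security]
WHERE object_name <> 'telemetry_xevents';
GO
ALTER SERVER AUDIT [Audit_Security] WITH (STATE = ON);
GO
-- Confirm the predicate was stored.
SELECT name, predicate FROM sys.server_audits WHERE name = N'Audit_Security';

-- How much of the existing trail the predicate would have removed (assumed file path).
SELECT CASE WHEN object_name = 'telemetry_xevents' THEN 'telemetry noise' ELSE 'other' END AS kind,
       COUNT(*) AS events,
       MIN(event_time) AS first_seen, MAX(event_time) AS last_seen
FROM sys.fn_get_audit_file(N'D:\Audit\Audit_Security_*.sqlaudit', DEFAULT, DEFAULT)
GROUP BY CASE WHEN object_name = 'telemetry_xevents' THEN 'telemetry noise' ELSE 'other' END;
```

Filtering on the object name alone also hides any deliberate DDL against an object someone chose to call `telemetry_xevents`. The existing log shows which `server_principal_name` the engine uses for these statements; combining both columns in the predicate narrows the exclusion to that principal, and `ALTER SERVER AUDIT [Audit_Security] REMOVE WHERE` (again with the audit stopped) restores full coverage.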


Database Level SQL Audit in SQL Server 2012 Standard Edition


Hi All,

I would like to have a database-level SQL audit specification on my SQL Server 2012, but my edition is just Standard Edition. Can I have some advice, since I can't move on with this feature? Profiler and trigger methods might be tough, since I need to capture all the activities made by some specific users within the database (SELECT, INSERT, UPDATE, DELETE, CREATE commands, etc.).

Shall I move on with 3rd-party audit tools? If yes, which one is recommended? Sorry for asking if I'm not supposed to ask about 3rd-party tools.

I really hope I can get some help here. Highly appreciated, and thanks.

Best Regards,

            Han
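As an added example (not part of the post or any reply), Extended Events are not edition-restricted on SQL Server 2012 and can record every completed batch and RPC from named logins in one database to a file, which covers the listed statement types without Profiler or triggers. The logins `CORP\finance_app` and `reportuser`, the database `FinanceDb` and the target path `D:\XE\` are assumptions.

```sql
-- Added example: Extended Events session recording statements of specific logins in one database.
CREATE EVENT SESSION [Trace_SpecificUsers] ON SERVER
ADD EVENT sqlserver.sql_batch_completed
(
    ACTION (sqlserver.client_app_name, sqlserver.client_hostname,
            sqlserver.server_principal_name, sqlserver.database_name, sqlserver.sql_text)
    WHERE sqlserver.database_name = N'FinanceDb'
      AND (sqlserver.server_principal_name = N'CORP\finance_app'
           OR sqlserver.server_principal_name = N'reportuser')
),
ADD EVENT sqlserver.rpc_completed
(
    ACTION (sqlserver.client_app_name, sqlserver.client_hostname,
            sqlserver.server_principal_name, sqlserver.database_name, sqlserver.sql_text)
    WHERE sqlserver.database_name = N'FinanceDb'
      AND (sqlserver.server_principal_name = N'CORP\finance_app'
           OR sqlserver.server_principal_name = N'reportuser')
)
ADD TARGET package0.event_file
(
    SET filename = N'D:\XE\Trace_SpecificUsers.xel', max_file_size = 256, max_rollover_files = 20
)
WITH (MAX_MEMORY = 16 MB, EVENT_RETENTION_MODE = ALLOW_SINGLE_EVENT_LOSS,
      MAX_DISPATCH_LATENCY = 5 SECONDS, STARTUP_STATE = ON);   -- restarts with the instance
GO
ALTER EVENT SESSION [Trace_SpecificUsers] ON SERVER STATE = START;
GO
-- Read the files back into rows.
SELECT
    xe.value('(event/@name)[1]', 'varchar(50)')                                         AS event_name,
    xe.value('(event/@timestamp)[1]', 'datetime2')                                      AS event_time_utc,
    xe.value('(event/action[@name="server_principal_name"]/value)[1]', 'nvarchar(128)') AS login_name,
    xe.value('(event/action[@name="client_hostname"]/value)[1]', 'nvarchar(128)')       AS host,
    xe.value('(event/action[@name="sql_text"]/value)[1]', 'nvarchar(max)')              AS sql_text
FROM sys.fn_xe_file_target_read_file(N'D:\XE\Trace_SpecificUsers*.xel', NULL, NULL, NULL) AS f
CROSS APPLY (SELECT CAST(f.event_data AS xml)) AS x(xe);
```

This is a trace, not a tamper-evident audit: `ALLOW_SINGLE_EVENT_LOSS` drops events under memory pressure (`NO_EVENT_LOSS` avoids that at a throughput cost), anyone with ALTER ANY EVENT SESSION can stop the session, and the files are only as protected as the directory ACL. Where those properties matter, a server audit (available in Standard) plus this session for the database-level detail is the combination to evaluate before buying a third-party tool.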

SQL Server Error 1225


I encountered a problem with my SQL Server 2014 Standard Edition. It is denying me access from Management Studio and I cannot access SQL Server from Visual Studio. The error message reads:

"Cannot connect to SQL. Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server.  The server was not found or was not accessible.  Verify that the instance name is correct and that SQL Server is configured to allow remote connections (provider: TCP Provider, error: 0 - the remote computer refused the network connection.) (Microsoft SQL Server, Error: 1225).  The remote computer refused the network connection."

My SQL Server is a stand-alone installation and I have all the permissions.  I would be grateful if anyone could help me with tips on how to solve this problem.

Thank you.

Longinus.


LOE


Error when calling SSIS package from internal activation procedure via Service Broker


Hi, the application gets an error when an SSIS package is executed via a procedure which is activated by a Service Broker queue.

The application sends a message to a queue, which activates/triggers the procedure execution when the message is received in the queue.

The procedure executes the SSIS package. If we run the procedure by itself it works fine, but when it is activated via the Service Broker queue internally it throws an error:

The activated proc '[DataFlowControl].[ RunEdwB1SpotRatesExtractProc]' running on queue 'SSISDB.DataFlowControl. RECEIVE_DEST_B1_FXRATE_QUEUE' output the following:  'Cannot execute as the server principal because the principal "AC\SQL14SRVDEV_SVC" does not exist, this type of principal cannot be impersonated, or you do not have permission

AC\SQL14SRVDEV_SVC is the service account running the SQL Server services and has the sysadmin role.

If we add EXECUTE AS a login which has the sysadmin role, procedure execution works fine. What's the best way to achieve what the application is trying to do without a security risk or providing elevated permissions?

Sample code:

```sql
CREATE QUEUE DataFlowControl.RECEIVE_DEST_B1_FXRATE_QUEUE;
GO

ALTER QUEUE [DataFlowControl].[RECEIVE_DEST_B1_FXRATE_QUEUE]
WITH
    STATUS = ON,
    ACTIVATION (
        STATUS = ON,
        PROCEDURE_NAME = [DataFlowControl].[RunEdwExtractProc],
        MAX_QUEUE_READERS = 4,
        EXECUTE AS OWNER
    );
GO

CREATE PROCEDURE [DataFlowControl].[RunEdwExtractProc]
AS
BEGIN
    PRINT '[RunEdwB1SpotRatesExtractProc] started at ' + FORMAT(GETDATE(), 'yyyy-MM-dd HH:mm:ss');

    DECLARE @MessageBody        VARBINARY(MAX),
            @MessageTypeName    SYSNAME,
            @ConversationHandle UNIQUEIDENTIFIER;

    -- Dequeue one message; give up after 6 seconds if the queue is empty.
    WAITFOR (
        RECEIVE TOP (1)
            @MessageTypeName    = message_type_name,
            @MessageBody        = message_body,
            @ConversationHandle = [conversation_handle]
        FROM [DataFlowControl].[RECEIVE_DEST_B1_FXRATE_QUEUE]
    ), TIMEOUT 6000;

    IF (@@ROWCOUNT > 0)
    BEGIN
        DECLARE @execution_id          BIGINT,
                @ssis_execution_status BIGINT = 1;

        EXEC SSISDB.catalog.create_execution
            @folder_name  = N'EDW',
            @project_name = N'edw_b1_spot_rates_extract',
            @package_name = N'edw_b1_spot_rates_extract.dtsx',
            @execution_id = @execution_id OUTPUT;

        EXEC SSISDB.catalog.start_execution @execution_id;

        /* Possible status values: created (1), running (2), canceled (3), failed (4),
           pending (5), ended unexpectedly (6), succeeded (7), stopping (8), completed (9) */
        WHILE (@ssis_execution_status NOT IN (3, 4, 6, 7, 9))
        BEGIN
            WAITFOR DELAY '00:00:01';   -- Pause for 1 second.

            -- Refresh the status.
            SET @ssis_execution_status = (
                SELECT [executions].[status]
                FROM [SSISDB].[catalog].[executions]
                WHERE [executions].[execution_id] = @execution_id
            );
        END

        -- Close this side of the dialog so conversations do not accumulate in
        -- sys.conversation_endpoints (missing from the originally posted version).
        END CONVERSATION @ConversationHandle;
    END;
END;
GO
```
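As an added example (not part of the post or any reply), this is the least-privilege alternative to running the activation procedure as a sysadmin login. EXECUTE AS OWNER resolves to the queue's owner, normally dbo, which maps to the database's owner login; the error shows that mapping failing. The replacement is a dedicated database user for the activation context plus module signing: a certificate signs the procedure, a login created from the same certificate holds AUTHENTICATE SERVER so the signature is honoured across databases, and a user created from it in SSISDB holds only the catalog rights the procedure's calls need. The database `AppDb`, certificate name `SsisActivationCert`, the placeholder password, the export path and the SSISDB project name are assumptions; the queue and procedure names are the post's.

```sql
-- Added example: activation under a low-privilege user, with SSISDB rights carried by a signature.
USE [AppDb];   -- assumed: the database holding the queue and the procedure
GO
-- 1. A dedicated activation identity: a user with no login that owns nothing and can
--    only dequeue and run the procedure.
CREATE USER [broker_activation] WITHOUT LOGIN;
GRANT RECEIVE ON [DataFlowControl].[RECEIVE_DEST_B1_FXRATE_QUEUE] TO [broker_activation];
GRANT EXECUTE ON [DataFlowControl].[RunEdwExtractProc] TO [broker_activation];
GO
ALTER QUEUE [DataFlowControl].[RECEIVE_DEST_B1_FXRATE_QUEUE]
    WITH ACTIVATION (EXECUTE AS N'broker_activation');   -- instead of OWNER
GO
-- 2. Sign the procedure. The private key is used once and then removed, so nobody can
--    later sign other code with it; any ALTER PROCEDURE drops the signature, so re-sign.
CREATE CERTIFICATE [SsisActivationCert]
    ENCRYPTION BY PASSWORD = N'<certificate password>'
    WITH SUBJECT = N'Signs DataFlowControl.RunEdwExtractProc';
ADD SIGNATURE TO [DataFlowControl].[RunEdwExtractProc]
    BY CERTIFICATE [SsisActivationCert] WITH PASSWORD = N'<certificate password>';
BACKUP CERTIFICATE [SsisActivationCert] TO FILE = N'D:\certs\SsisActivationCert.cer';   -- public key only; assumed path
ALTER CERTIFICATE [SsisActivationCert] REMOVE PRIVATE KEY;
GO
-- 3. Make the signature count outside this database.
USE master;
GO
CREATE CERTIFICATE [SsisActivationCert] FROM FILE = N'D:\certs\SsisActivationCert.cer';
CREATE LOGIN [SsisActivationCert_login] FROM CERTIFICATE [SsisActivationCert];
GRANT AUTHENTICATE SERVER TO [SsisActivationCert_login];
GO
USE [SSISDB];
GO
CREATE CERTIFICATE [SsisActivationCert] FROM FILE = N'D:\certs\SsisActivationCert.cer';
CREATE USER [SsisActivationCert_user] FROM CERTIFICATE [SsisActivationCert];
GRANT EXECUTE ON SCHEMA::[catalog] TO [SsisActivationCert_user];
GRANT SELECT  ON [catalog].[executions] TO [SsisActivationCert_user];
-- Project-level READ (permission_type 1) and EXECUTE (3) on the one project the procedure
-- starts, via the catalog's own permission procedure (object_type 2 = project).
DECLARE @project_id   bigint = (SELECT project_id FROM [catalog].[projects]
                                WHERE name = N'edw_b1_spot_rates_extract');
DECLARE @principal_id int    = DATABASE_PRINCIPAL_ID(N'SsisActivationCert_user');
EXEC [catalog].[grant_permission] @object_type = 2, @object_id = @project_id,
                                  @principal_id = @principal_id, @permission_type = 1;
EXEC [catalog].[grant_permission] @object_type = 2, @object_id = @project_id,
                                  @principal_id = @principal_id, @permission_type = 3;
GO
```

One caveat to test before relying on this: the SSIS catalog refuses to start executions for callers that authenticated with SQL Server Authentication (error 27123), because package execution impersonates the caller's Windows identity. That an activation context carrying a certificate-signed signature satisfies that check is an assumption to verify in a test environment; the signing itself does not change how the catalog makes that decision.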

SQL agent Job History for a particular job Grayed Out


In the image below, View Job History is disabled; we are using SQL 2014. Please let me know what setting I need to change.

Thanks

Ranjith


SQL Agent Access Control List (ACL) permission (PowerShell)


BLUF:  How to set ACLs for SQL Agent and the MSDTS000 - concept of least permission -  is there a POWERSHELL for this somewhere in the Microsoft arsenal?

DETAIL: Generally speaking, the Configuration Manager takes care of a good deal of permission aside from what is set in the local security policy, that said, there seems to be a lot missing in the SQL Server setup for setting up the ACLs properly.

SQL allows the user to set up a service account and then SQL configures all the necessary ACLs during setup.  It does this for MSSQL$<instancename>, for SQLAgent$<instancename>, and for MSDTSServer000.  Additionally, on newer versions there are similar accounts set up for xxx$RSERVER.

The problem arises when a domain service account rather than the MSSQL$ local virtual service runs SQL Server Agent or the MSDTS service is used for the service.  Given the SSIS legacy, a domain account is generally used to run the Integration Services / DTSX packages that operate between the OLTP and the datawarehouse server because it requires domain level permissions.  Using an over-privileged domain account for this purpose can lead to unknown vulnerabilities.

ACL Examples: For example, SQL Agent needs access to the SQLAGENT.OUT and the ERRORLOG files.  Replacing it with a domain service account (assuming that we give it least permission) means that the SQLAGENT.OUT file must have an ACL for the domain service account that is running SQL Agent or it will fail to start.  The easy way to create this is to give a read ACL on the ..\MSSQL\Log folder.  An easier way would of course be if Microsoft set the installer up to designate a specific service account to run the Agent and the Integration Services and so on, rather than set an account that has SA so it can be used as a service account after the fact.

The Integration Services require rights on the ..\000\DTS\Binn folder.  The same applies here.   And on more occasions than one, it seems there is always some other ACL that is missing here and there for these accounts.

Given the nature of SQL and the need for the highest level of security, having the ability to assign a service account to a service during setup would make the process much simpler.  

Is there a PowerShell in the Microsoft arsenal that handles this?

(dropped in a connect suggestion if you would like to see this improved in future setup software for Sql Server https://connect.microsoft.com/SQLServer/feedback/details/3118235)


R, J






How to allow a windows group to edit sql agent job which has T-SQL script


Hi All,

I have a tricky question about agent jobs. We have a support team, and they need to create some agent jobs in SQL. The jobs usually have T-SQL inside (read data from a database, dump the output into a temp table, email the info to users). Here is what I did:

1. Create a job of which SA is the owner

2. Copy-paste the T-SQL which the support team gave to me inside the job

3. Schedule the job

I granted db_owner permission in MSDB to the group login which the support team has. They can view/disable/enable/execute the job, but they can't edit the job. Microsoft does not allow a group login as a job's owner unless we create a credential/proxy, but a proxy does not have a T-SQL subsystem feature.

Another solution is that I can create an SP for the T-SQL and replace the T-SQL with the SP in the job, and grant full permission on the SP to the group login, so they can edit the SP instead of the job, but the support team did not accept the solution.

Does anybody know if there is any other way to fix the issue? I don't want to give SYSADMIN to the support team.

Thank you very much.

David


