With all the hackers out there, it's easy to narrowly think of Integration Services security as a set of features that protect against malicious attacks. Although that's certainly part of the security equation, protecting packages is a much broader and more complex problem. You need to prevent the wrong people from changing or executing the package while still allowing the right people that access. You need to provide for access combinations such as allowing some individuals to execute, but not change, a package. Whether by malicious intent or accidental corruption, you need to detect if packages have changed. But you might also need to keep people from viewing certain packages. You might need to protect certain parts of packages that might be more sensitive than others or you might want to send the package via unsecured channels to a partner and need to protect the entire package from being viewed by anyone but the individual to whom you sent it. Finally, you want these features to be easy to use and virtually transparent so that they don't get in the way of day-to-day operations. These are some of the scenarios the Integration Services security feature set supports. Like other areas of the product, the Integration Services security features have been conceived and developed as a platform of separate but interoperable primitives that you can use exclusively or in combination with other security features to establish a custom security policy that matches the needs of your organization. The security features fall into six functional categories, as follows:
This chapter covers how the SSIS security features address each of these categories and provide some helpful tips on how to diagnose and resolve security-related problems that you might encounter. Finally, the chapter wraps up with some recommended security settings for certain sample environments. |