Controlling Access to the Integration Services Service
While package protection levels can limit who is allowed to edit and execute a package, a further level of protection is needed to limit who can view the list of packages currently running on a server and who can stop currently executing packages in SQL Server Management Studio.
SQL Server Management Studio uses the SQL Server service to list running packages. Members of the Windows Administrators group can view and stop all currently running packages. Users who are not members of the Administrators group can view and stop only packages that they started.
It is important to restrict access to computers that run an SQL Server service, especially an SQL Server service that can enumerate remote folders. Any authenticated user can request the enumeration of packages. Even if no packages are found by the service, the service enumerates folders. These folder names may be useful to a malicious user. If an administrator has configured the service to enumerate folders on a remote machine, users may also be able to see folder names that they would normally not be able to see.
|