There are three fixed database-level roles for Integration Services 2012 that are very similar to those available in SSIS 2005 and 2008. You may be wondering why you didn't spot them when we added our user to the ssis_admin
role, but that is because they only exist in the msdb
database rather than the SSISDB database we created.
These roles, db_ssisadmin
, db_ssisltduser
and db_ssisoperator
allow you to manage user access to your SSIS packages. To add a user to these roles from SSMS:
Expand the Security node in Object Explorer.
Expand the Logins node.
Double-click on the login you want to edit, which brings up the Login Properties window:
Make sure the login has access to the msdb database and then select the three roles in the bottom pane. Click on OK to save.
You can adjust the permissions of each of these roles to create custom security settings for your environment. Let us take a quick look at how we can prevent users in the db_ssisadmin role from deleting packages...