Protecting Access to Running Packages
While package protection levels can limit who is allowed to edit and execute a package, a further level of protection is needed to limit who can view the list of packages currently running on a server and who can stop currently executing packages in SQL Server Management Studio.
SQL Server Management Studio uses the Integration Services service to list running packages. Members of the Windows Administrators group can view and stop all currently running packages. Users who are not members of the Administrators group can view and stop only packages that they started.
It is important to restrict access to computers that run a SQL Server service, especially an Integration Services service that can enumerate remote folders. Any authenticated user can request the enumeration of packages. The service enumerates folders even if it finds no packages, and those folder names may be useful to a malicious user. If an administrator has configured the service to enumerate folders on a remote computer, users may also be able to see folder names that they would normally not be able to see.
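To review which folders the service has been configured to enumerate on other computers, the following added example (not part of the original documentation) parses a service configuration and lists the entries that point off-box. It assumes the folder list is stored in the service's `MsDtsSrvr.ini.xml` file with the default element names, which this page does not state; the sample configuration and its host names are constructed.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Names that mean "this computer"; pass the server's own host name as well.
LOCAL_NAMES = {".", "(local)", "localhost", "127.0.0.1", "::1"}

# Constructed sample; SQLPROD02 and FILESRV01 are made-up hosts.
SAMPLE_CONFIG = r"""<DtsServiceConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <StopExecutingPackagesOnShutdown>true</StopExecutingPackagesOnShutdown>
  <TopLevelFolders>
    <Folder xsi:type="SqlServerFolder"><Name>MSDB</Name><ServerName>.</ServerName></Folder>
    <Folder xsi:type="SqlServerFolder"><Name>Prod MSDB</Name><ServerName>SQLPROD02\INST1</ServerName></Folder>
    <Folder xsi:type="FileSystemFolder"><Name>File System</Name><StorePath>..\Packages</StorePath></Folder>
    <Folder xsi:type="FileSystemFolder"><Name>Shared</Name><StorePath>\\FILESRV01\ssis$\Packages</StorePath></Folder>
  </TopLevelFolders>
</DtsServiceConfiguration>"""

def server_host(server_name):
    """Host part of a ServerName such as HOST\\INSTANCE, HOST,1433 or tcp:HOST."""
    host = server_name.strip()
    if ":" in host and host.split(":", 1)[0].lower() in {"tcp", "np", "lpc", "admin"}:
        host = host.split(":", 1)[1]  # drop the protocol prefix
    return host.split("\\")[0].split(",")[0].lower()

def remote_folders(config_xml, local_names=LOCAL_NAMES):
    """Return (name, folder type, target) for each folder that points off-box."""
    findings = []
    for folder in ET.fromstring(config_xml).iter("Folder"):
        kind = folder.get(XSI_TYPE, "")
        name = folder.findtext("Name", default="").strip()
        if kind == "SqlServerFolder":
            target = folder.findtext("ServerName", default="").strip()
            if server_host(target) not in local_names:
                findings.append((name, kind, target))
        elif kind == "FileSystemFolder":
            target = folder.findtext("StorePath", default="").strip()
            # Only UNC paths are detectable here; a mapped drive letter
            # looks local and has to be checked on the server itself.
            if target.startswith("\\\\"):
                findings.append((name, kind, target))
    return findings

if __name__ == "__main__":
    for name, kind, target in remote_folders(SAMPLE_CONFIG):
        print(f"remote {kind}: {name!r} -> {target}")
```

Each entry reported is a folder whose names an authenticated user could obtain through the service, so compare the list against what those users are otherwise permitted to see.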
12 December 2006