
Thursday, March 22, 2012

Deployment Utility or Import Package?


In reference to the question raised in this thread
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1460591&SiteID=1

Since I'm not able to create a deployment utility when a config file is shared among multiple packages, and I also cannot get permission from the Sys Admins to use Env. Variables, I'm stuck.

Now I'm thinking of importing the package to SQL Server from the file system. Are there any caveats in this approach, especially regarding the config files?

[edit]
Also, do I need any special permissions to view the Integration Services node in Management Studio? We are using Integrated Authentication, and I'm also not able to run the sp_start_job sp in the msdb database.
[/edit]

Thanks

You might want to look at DTUTIL for deployment. It's a little more work than just building the project in SSIS, but it is more flexible.

With the config files, you just need to be sure they are accessible from the package once it is in SQL Server.

Tuesday, February 14, 2012

Deny Administrator Access to DB

Hey all,
I am developing an application to track very sensitive company personnel
information. This of course raised the issue of protecting this sensitive
information from everyone not authorized to see it.....including the DB
Administrator. The DB Server (SQL 7) has many databases on it, but the
System Administrator must not be able to access the data in those tables
containing the sensitive information. I have tried denying an SA user
rights to SELECT from a table, but I could still select and view all the
data.
Any ideas?
Jeremy Byron
jbyron@.cynaptec.nb.ns.ca <remove ns to email me>
You cannot stop SA from looking at the tables...
HOWEVER - you CAN log the users that view the data.
For the tables that contain sensitive information, you can put a trigger on
the select, update, and delete to generate a log entry.
Of course, you would ask - "But the DBA can delete those rows". Sure they
can - but you can also log it so that you also have it generate a MSMQ
transaction where you can have a service that processes those records into
an external file store.
I would also recommend seeing the July 2004 edition of SQL Server
Magazine - p.15 on "Privacy Matters" for some other suggestions as well.
=-Chris
"Moi" <moi@.here.com> wrote in message
news:7FF1D2C9B9DB6525.1907DEF59F04D933.8248BD072E33C3AD@.lp.airnews.net...
> Hey all,
> I am developing an application to track very sensitive company personnel
> information. This of course raised the issue of protecting this sensitive
> information from everyone not authorized to see it.....including the DB
> Administrator. The DB Server (SQL 7) has many databases on it, but the
> System Administrator must not be able to access the data in those tables
> containing the sensitive information. I have tried denying an SA user
> rights to SELECT from a table, but I could still select and view all the
> data.
> Any ideas?
> Jeremy Byron
> jbyron@.cynaptec.nb.ns.ca <remove ns to email me>
>
|||> you can put a trigger on the select,
Are you sure about that? Books Online doesn't seem to agree:
CREATE TRIGGER trigger_name
ON { table | view }
[ WITH ENCRYPTION ]
{
{ { FOR | AFTER | INSTEAD OF } { [ INSERT ] [ , ] [ UPDATE ] [ , ] [
DELETE ] }
http://www.aspfaq.com/
(Reverse address to reply.)
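
The logging idea from the replies above, limited to what the quoted CREATE TRIGGER syntax allows (INSERT, UPDATE, DELETE; there is no SELECT trigger). This is an added example, not code from any poster in the thread; the table, column and trigger names are hypothetical.

```sql
-- Hypothetical sensitive table and audit table (names are assumptions).
CREATE TABLE dbo.PersonnelRecord (
    EmployeeId INT   NOT NULL PRIMARY KEY,
    Salary     MONEY NOT NULL
);

CREATE TABLE dbo.PersonnelAudit (
    AuditId     INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    EmployeeId  INT           NOT NULL,
    AuditAction CHAR(6)       NOT NULL,                       -- 'UPDATE' or 'DELETE'
    LoginName   NVARCHAR(128) NOT NULL DEFAULT SUSER_SNAME(), -- login that ran the statement
    HostName    NVARCHAR(128) NOT NULL DEFAULT HOST_NAME(),   -- client-supplied, informational only
    ChangedAt   DATETIME      NOT NULL DEFAULT GETDATE()
);
GO

CREATE TRIGGER trg_PersonnelRecord_Audit
ON dbo.PersonnelRecord
FOR UPDATE, DELETE   -- reads cannot be captured here: SELECT is not a trigger event
AS
BEGIN
    SET NOCOUNT ON;
    -- "deleted" holds the pre-change rows for both UPDATE and DELETE.
    -- "inserted" is empty for a DELETE, so any row in it means UPDATE.
    INSERT INTO dbo.PersonnelAudit (EmployeeId, AuditAction)
    SELECT d.EmployeeId,
           CASE WHEN EXISTS (SELECT * FROM inserted)
                THEN 'UPDATE' ELSE 'DELETE' END
    FROM deleted AS d;
END
GO

-- Constructed sample activity: one row per affected record lands in the audit table.
INSERT INTO dbo.PersonnelRecord (EmployeeId, Salary) VALUES (1, 50000);
UPDATE dbo.PersonnelRecord SET Salary = 55000 WHERE EmployeeId = 1;
DELETE FROM dbo.PersonnelRecord WHERE EmployeeId = 1;

SELECT EmployeeId, AuditAction, LoginName, ChangedAt
FROM dbo.PersonnelAudit
ORDER BY AuditId;
```

A member of the sysadmin role can still disable the trigger or edit dbo.PersonnelAudit, which is why the reply suggests forwarding each record to a store outside the server.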

In article <7FF1D2C9B9DB6525.1907DEF59F04D933.8248BD072E33C3AD@.lp.airnews.net>,
Moi <moi@.here.com> wrote:
>Hey all,
>I am developing an application to track very sensitive company personnel
>information. This of course raised the issue of protecting this sensitive
>information from everyone not authorized to see it.....including the DB
>Administrator. The DB Server (SQL 7) has many databases on it, but the
>System Administrator must not be able to access the data in those tables
>containing the sensitive information. I have tried denying an SA user
>rights to SELECT from a table, but I could still select and view all the
>data.
>
AFAIK, this is not possible. Much like the root user in UNIX, sa must and
does, have access to everything.
|||Actually there may be a way:
1. Set up a username and role for yourself with the appropriate rights.
2. Have someone who should have access to the information change the sa
password at the console.
The downside is that if you ever need to do something with SA privileges,
you will need to have the person who created the password give it to you so
you can get in and do whatever you have to do.
This is more secure, but not foolproof. A sly DBA will be able to set up
their role in such a way that they won't need the SA password.
Tom
Moi <moi@.here.com> wrote in message
news:7FF1D2C9B9DB6525.1907DEF59F04D933.8248BD072E33C3AD@.lp.airnews.net...
> Hey all,
> I am developing an application to track very sensitive company personnel
> information. This of course raised the issue of protecting this sensitive
> information from everyone not authorized to see it.....including the DB
> Administrator. The DB Server (SQL 7) has many databases on it, but the
> System Administrator must not be able to access the data in those tables
> containing the sensitive information. I have tried denying an SA user
> rights to SELECT from a table, but I could still select and view all the
> data.
> Any ideas?
> Jeremy Byron
> jbyron@.cynaptec.nb.ns.ca <remove ns to email me>
>
