Hello-
We have to export data as part of processing and save it as a flat file.
What developers did was to use xp_cmdshell and export data that way.
It solved that problem but now the account calling it has be a member of
System Administration Server Role... a security risk!
Is there any other way of exporting data... with limited rights?
--
Regards,
MZeeshanDo it using an app external to SQL Server? Then all they need to be is
db_datareader and be able to execute the stored procedure that generates the
results.
Or, lock down your SQL Server. Just because the job runs as SA doesn't mean
that anybody can do anything with it... they have to get to it first.
--
Please post DDL, sample data and desired results.
See http://www.aspfaq.com/5006 for info.
"MZeeshan" <mzeeshan@.community.nospam> wrote in message
news:82D77840-34C2-45F1-8D4B-999B3A27D212@.microsoft.com...
> Hello-
> We have to export data as part of processing and save it as a flat file.
> What developers did was to use xp_cmdshell and export data that way.
> It solved that problem but now the account calling it has be a member of
> System Administration Server Role... a security risk!
> Is there any other way of exporting data... with limited rights?
> --
> Regards,
> MZeeshan|||"Aaron [SQL Server MVP]" wrote:
> Do it using an app external to SQL Server? Then all they need to be is
> db_datareader and be able to execute the stored procedure that generates the
> results.
>
Would you elaborate on this? It seems interesting!
We have nested SPs and one in the inner level has this functionality (so
that it can be called anytime any data has to be exported).
Its a 3-tier application with data requests being generated from app. server
level (calling the outer stored procedure)?
> Or, lock down your SQL Server. Just because the job runs as SA doesn't mean
> that anybody can do anything with it... they have to get to it first.
>
I wish I could... but that's out of question. Because its an old code
(before I joined here) and the business unit is not willing to let that
functionality... unless I have a better plan!
> --
> Please post DDL, sample data and desired results.
> See http://www.aspfaq.com/5006 for info.
>
>
> "MZeeshan" <mzeeshan@.community.nospam> wrote in message
> news:82D77840-34C2-45F1-8D4B-999B3A27D212@.microsoft.com...
> > Hello-
> >
> > We have to export data as part of processing and save it as a flat file.
> > What developers did was to use xp_cmdshell and export data that way.
> >
> > It solved that problem but now the account calling it has be a member of
> > System Administration Server Role... a security risk!
> >
> > Is there any other way of exporting data... with limited rights?
> >
> > --
> > Regards,
> > MZeeshan
>
>|||MZeeshan wrote:
> Hello-
> We have to export data as part of processing and save it as a flat file.
> What developers did was to use xp_cmdshell and export data that way.
> It solved that problem but now the account calling it has be a member of
> System Administration Server Role... a security risk!
> Is there any other way of exporting data... with limited rights?
Could you not set up a Text File data source and add it as a linked
server, then INSERT INTO ( SELECT FROM ) it?|||Can you explain with some example?
"Ryan Walberg [MCSD]" wrote:
> MZeeshan wrote:
> > Hello-
> >
> > We have to export data as part of processing and save it as a flat file.
> > What developers did was to use xp_cmdshell and export data that way.
> >
> > It solved that problem but now the account calling it has be a member of
> > System Administration Server Role... a security risk!
> >
> > Is there any other way of exporting data... with limited rights?
> Could you not set up a Text File data source and add it as a linked
> server, then INSERT INTO ( SELECT FROM ) it?
>|||Hi MZeeshan,
You might also want to setup a SQL Server Agent proxy account allows SQL
Server users who do not belong to the sysadmin fixed server role to execute
xp_cmdshell. The administrators can assign appropriate security permissions
to the proxy account. When xp_cmdshell is invoked by a user who is a member
of the sysadmin fixed server role, xp_cmdshell will be executed under the
security context in which the SQL Server service is running. When the user
is not a member of the sysadmin group, xp_cmdshell will impersonate the SQL
Server Agent proxy account, which is specified using
xp_sqlagent_proxy_account. If the proxy account is not available,
xp_cmdshell will fail. This is true only for Microsoft? Windows NT 4.0 and
Windows 2000. On Windows 9.x, there is no impersonation and xp_cmdshell is
always executed under the security context of the Windows 9.x user who
started SQL Server.
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
--
>Thread-Topic: Exporting data using T-SQL... something opposite of BULK
INSERT.
>thread-index: AcUwq6YH0fxNNv1mTzCEMQ4DgGq4pQ==>X-WBNR-Posting-Host: 208.250.29.8
>From: "=?Utf-8?B?TVplZXNoYW4=?=" <mzeeshan@.community.nospam>
>Subject: Exporting data using T-SQL... something opposite of BULK INSERT.
>Date: Thu, 24 Mar 2005 11:57:03 -0800
>Lines: 13
>Message-ID: <82D77840-34C2-45F1-8D4B-999B3A27D212@.microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.sqlserver.server
>Path: TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.sqlserver.server:383149
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>X-Tomcat-NG: microsoft.public.sqlserver.server
>Hello-
>We have to export data as part of processing and save it as a flat file.
>What developers did was to use xp_cmdshell and export data that way.
>It solved that problem but now the account calling it has be a member of
>System Administration Server Role... a security risk!
>Is there any other way of exporting data... with limited rights?
>--
>Regards,
>MZeeshan
>|||Is it also true for SQL Server on Windows 2003 Server? Can you also give some
examples. I am also searching on the net and BOL explanation was little bit
cryptic.
"William Wang[MSFT]" wrote:
> Hi MZeeshan,
> You might also want to setup a SQL Server Agent proxy account allows SQL
> Server users who do not belong to the sysadmin fixed server role to execute
> xp_cmdshell. The administrators can assign appropriate security permissions
> to the proxy account. When xp_cmdshell is invoked by a user who is a member
> of the sysadmin fixed server role, xp_cmdshell will be executed under the
> security context in which the SQL Server service is running. When the user
> is not a member of the sysadmin group, xp_cmdshell will impersonate the SQL
> Server Agent proxy account, which is specified using
> xp_sqlagent_proxy_account. If the proxy account is not available,
> xp_cmdshell will fail. This is true only for Microsoft? Windows NT 4.0 and
> Windows 2000. On Windows 9.x, there is no impersonation and xp_cmdshell is
> always executed under the security context of the Windows 9.x user who
> started SQL Server.
> Sincerely,
> William Wang
> Microsoft Online Partner Support
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> This posting is provided "AS IS" with no warranties, and confers no rights.
> --
> >Thread-Topic: Exporting data using T-SQL... something opposite of BULK
> INSERT.
> >thread-index: AcUwq6YH0fxNNv1mTzCEMQ4DgGq4pQ==> >X-WBNR-Posting-Host: 208.250.29.8
> >From: "=?Utf-8?B?TVplZXNoYW4=?=" <mzeeshan@.community.nospam>
> >Subject: Exporting data using T-SQL... something opposite of BULK INSERT.
> >Date: Thu, 24 Mar 2005 11:57:03 -0800
> >Lines: 13
> >Message-ID: <82D77840-34C2-45F1-8D4B-999B3A27D212@.microsoft.com>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.sqlserver.server
> >Path: TK2MSFTNGXA03.phx.gbl
> >Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.sqlserver.server:383149
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
> >X-Tomcat-NG: microsoft.public.sqlserver.server
> >
> >Hello-
> >
> >We have to export data as part of processing and save it as a flat file.
> >What developers did was to use xp_cmdshell and export data that way.
> >
> >It solved that problem but now the account calling it has be a member of
> >System Administration Server Role... a security risk!
> >
> >Is there any other way of exporting data... with limited rights?
> >
> >--
> >Regards,
> >MZeeshan
> >
>|||That was really helpful. Thank you!!!
"William Wang[MSFT]" wrote:
> Hi MZeeshan,
> You might also want to setup a SQL Server Agent proxy account allows SQL
> Server users who do not belong to the sysadmin fixed server role to execute
> xp_cmdshell. The administrators can assign appropriate security permissions
> to the proxy account. When xp_cmdshell is invoked by a user who is a member
> of the sysadmin fixed server role, xp_cmdshell will be executed under the
> security context in which the SQL Server service is running. When the user
> is not a member of the sysadmin group, xp_cmdshell will impersonate the SQL
> Server Agent proxy account, which is specified using
> xp_sqlagent_proxy_account. If the proxy account is not available,
> xp_cmdshell will fail. This is true only for Microsoft? Windows NT 4.0 and
> Windows 2000. On Windows 9.x, there is no impersonation and xp_cmdshell is
> always executed under the security context of the Windows 9.x user who
> started SQL Server.
> Sincerely,
> William Wang
> Microsoft Online Partner Support
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> This posting is provided "AS IS" with no warranties, and confers no rights.
> --
> >Thread-Topic: Exporting data using T-SQL... something opposite of BULK
> INSERT.
> >thread-index: AcUwq6YH0fxNNv1mTzCEMQ4DgGq4pQ==> >X-WBNR-Posting-Host: 208.250.29.8
> >From: "=?Utf-8?B?TVplZXNoYW4=?=" <mzeeshan@.community.nospam>
> >Subject: Exporting data using T-SQL... something opposite of BULK INSERT.
> >Date: Thu, 24 Mar 2005 11:57:03 -0800
> >Lines: 13
> >Message-ID: <82D77840-34C2-45F1-8D4B-999B3A27D212@.microsoft.com>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.sqlserver.server
> >Path: TK2MSFTNGXA03.phx.gbl
> >Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.sqlserver.server:383149
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
> >X-Tomcat-NG: microsoft.public.sqlserver.server
> >
> >Hello-
> >
> >We have to export data as part of processing and save it as a flat file.
> >What developers did was to use xp_cmdshell and export data that way.
> >
> >It solved that problem but now the account calling it has be a member of
> >System Administration Server Role... a security risk!
> >
> >Is there any other way of exporting data... with limited rights?
> >
> >--
> >Regards,
> >MZeeshan
> >
>|||To setup the Server Agent proxy account, follow these steps:
1. Start Enterprise Manager.
2. Expand a server group and expand your SQL Server.
3. Expand the Management folder and right-click SQL Server Agent, select
Properties.
4. Click on the Job System tab. Under the "Non-Sysadmin job step proxy
account" section, clear the "Only users with SysAdmin privileges can
execute CmdExec and ActiveScripting job steps" check box, and click the
"Reset Proxy Account" button.
5. Type the user name, password, and domain of the user account to be used
when non-sysadmin executes xp_cmdshell or by SQL Server Agent running jobs
owned by users who are not system administrators.
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.
This and other support options are available here:
BCPS:
https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469
Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/
If you are outside the United States, please visit our International
Support page:
http://support.microsoft.com/default.aspx?scid=%2finternational.aspx.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--
>Thread-Topic: Exporting data using T-SQL... something opposite of BULK
INSER
>thread-index: AcUxCPfsCMB02TOwRRyHt65H99UOTw==>X-WBNR-Posting-Host: 208.250.29.8
>From: "=?Utf-8?B?TVplZXNoYW4=?=" <mzeeshan@.community.nospam>
>References: <82D77840-34C2-45F1-8D4B-999B3A27D212@.microsoft.com>
<ZacGZKQMFHA.1016@.TK2MSFTNGXA03.phx.gbl>
>Subject: RE: Exporting data using T-SQL... something opposite of BULK INSER
>Date: Thu, 24 Mar 2005 23:05:03 -0800
>Lines: 72
>Message-ID: <662BCC4F-0854-44B7-903C-BE71DB1C19F3@.microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.sqlserver.server
>Path: TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.sqlserver.server:383194
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>X-Tomcat-NG: microsoft.public.sqlserver.server
>Is it also true for SQL Server on Windows 2003 Server? Can you also give
some
>examples. I am also searching on the net and BOL explanation was little
bit
>cryptic.
>"William Wang[MSFT]" wrote:
>> Hi MZeeshan,
>> You might also want to setup a SQL Server Agent proxy account allows SQL
>> Server users who do not belong to the sysadmin fixed server role to
execute
>> xp_cmdshell. The administrators can assign appropriate security
permissions
>> to the proxy account. When xp_cmdshell is invoked by a user who is a
member
>> of the sysadmin fixed server role, xp_cmdshell will be executed under
the
>> security context in which the SQL Server service is running. When the
user
>> is not a member of the sysadmin group, xp_cmdshell will impersonate the
SQL
>> Server Agent proxy account, which is specified using
>> xp_sqlagent_proxy_account. If the proxy account is not available,
>> xp_cmdshell will fail. This is true only for Microsoft? Windows NT 4.0
and
>> Windows 2000. On Windows 9.x, there is no impersonation and xp_cmdshell
is
>> always executed under the security context of the Windows 9.x user who
>> started SQL Server.
>> Sincerely,
>> William Wang
>> Microsoft Online Partner Support
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>> --
>> >Thread-Topic: Exporting data using T-SQL... something opposite of BULK
>> INSERT.
>> >thread-index: AcUwq6YH0fxNNv1mTzCEMQ4DgGq4pQ==>> >X-WBNR-Posting-Host: 208.250.29.8
>> >From: "=?Utf-8?B?TVplZXNoYW4=?=" <mzeeshan@.community.nospam>
>> >Subject: Exporting data using T-SQL... something opposite of BULK
INSERT.
>> >Date: Thu, 24 Mar 2005 11:57:03 -0800
>> >Lines: 13
>> >Message-ID: <82D77840-34C2-45F1-8D4B-999B3A27D212@.microsoft.com>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.sqlserver.server
>> >Path: TK2MSFTNGXA03.phx.gbl
>> >Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.sqlserver.server:383149
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>> >X-Tomcat-NG: microsoft.public.sqlserver.server
>> >
>> >Hello-
>> >
>> >We have to export data as part of processing and save it as a flat
file.
>> >What developers did was to use xp_cmdshell and export data that way.
>> >
>> >It solved that problem but now the account calling it has be a member
of
>> >System Administration Server Role... a security risk!
>> >
>> >Is there any other way of exporting data... with limited rights?
>> >
>> >--
>> >Regards,
>> >MZeeshan
>> >
>>
>|||Sorry that I missed your first question.
>Is it also true for SQL Server on Windows 2003 Server?
Yes, it's true.
Sincerely,
William Wang
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
--
>Newsgroups: microsoft.public.sqlserver.server
>From: v-rxwang@.online.microsoft.com (William Wang[MSFT])
>Organization: Microsoft
>Date: Fri, 25 Mar 2005 07:50:34 GMT
>Subject: RE: Exporting data using T-SQL... something opposite of BULK INSER
>X-Tomcat-NG: microsoft.public.sqlserver.server
>MIME-Version: 1.0
>Content-Type: text/plain
>Content-Transfer-Encoding: 7bit
>To setup the Server Agent proxy account, follow these steps:
>1. Start Enterprise Manager.
>2. Expand a server group and expand your SQL Server.
>3. Expand the Management folder and right-click SQL Server Agent, select
>Properties.
>4. Click on the Job System tab. Under the "Non-Sysadmin job step proxy
>account" section, clear the "Only users with SysAdmin privileges can
>execute CmdExec and ActiveScripting job steps" check box, and click the
>"Reset Proxy Account" button.
>5. Type the user name, password, and domain of the user account to be used
>when non-sysadmin executes xp_cmdshell or by SQL Server Agent running jobs
>owned by users who are not system administrators.
>Sincerely,
>William Wang
>Microsoft Online Partner Support
>When responding to posts, please "Reply to Group" via your newsreader so
>that others may learn and benefit from your issue.
>=====================================================>Business-Critical Phone Support (BCPS) provides you with technical phone
>support at no charge during critical LAN outages or "business down"
>situations. This benefit is available 24 hours a day, 7 days a week to all
>Microsoft technology partners in the United States and Canada.
>This and other support options are available here:
>BCPS:
>https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469
>Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/
>If you are outside the United States, please visit our International
>Support page:
>http://support.microsoft.com/default.aspx?scid=%2finternational.aspx.
>=====================================================>This posting is provided "AS IS" with no warranties, and confers no rights.
>--
>>Thread-Topic: Exporting data using T-SQL... something opposite of BULK
>INSER
>>thread-index: AcUxCPfsCMB02TOwRRyHt65H99UOTw==>>X-WBNR-Posting-Host: 208.250.29.8
>>From: "=?Utf-8?B?TVplZXNoYW4=?=" <mzeeshan@.community.nospam>
>>References: <82D77840-34C2-45F1-8D4B-999B3A27D212@.microsoft.com>
><ZacGZKQMFHA.1016@.TK2MSFTNGXA03.phx.gbl>
>>Subject: RE: Exporting data using T-SQL... something opposite of BULK
INSER
>>Date: Thu, 24 Mar 2005 23:05:03 -0800
>>Lines: 72
>>Message-ID: <662BCC4F-0854-44B7-903C-BE71DB1C19F3@.microsoft.com>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="Utf-8"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>Content-Class: urn:content-classes:message
>>Importance: normal
>>Priority: normal
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>>Newsgroups: microsoft.public.sqlserver.server
>>Path: TK2MSFTNGXA03.phx.gbl
>>Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.sqlserver.server:383194
>>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>>X-Tomcat-NG: microsoft.public.sqlserver.server
>>Is it also true for SQL Server on Windows 2003 Server? Can you also give
>some
>>examples. I am also searching on the net and BOL explanation was little
>bit
>>cryptic.
>>"William Wang[MSFT]" wrote:
>> Hi MZeeshan,
>> You might also want to setup a SQL Server Agent proxy account allows
SQL
>> Server users who do not belong to the sysadmin fixed server role to
>execute
>> xp_cmdshell. The administrators can assign appropriate security
>permissions
>> to the proxy account. When xp_cmdshell is invoked by a user who is a
>member
>> of the sysadmin fixed server role, xp_cmdshell will be executed under
>the
>> security context in which the SQL Server service is running. When the
>user
>> is not a member of the sysadmin group, xp_cmdshell will impersonate the
>SQL
>> Server Agent proxy account, which is specified using
>> xp_sqlagent_proxy_account. If the proxy account is not available,
>> xp_cmdshell will fail. This is true only for Microsoft? Windows NT 4.0
>and
>> Windows 2000. On Windows 9.x, there is no impersonation and xp_cmdshell
>is
>> always executed under the security context of the Windows 9.x user who
>> started SQL Server.
>> Sincerely,
>> William Wang
>> Microsoft Online Partner Support
>> When responding to posts, please "Reply to Group" via your newsreader
so
>> that others may learn and benefit from your issue.
>> This posting is provided "AS IS" with no warranties, and confers no
>rights.
>> --
>> >Thread-Topic: Exporting data using T-SQL... something opposite of BULK
>> INSERT.
>> >thread-index: AcUwq6YH0fxNNv1mTzCEMQ4DgGq4pQ==>> >X-WBNR-Posting-Host: 208.250.29.8
>> >From: "=?Utf-8?B?TVplZXNoYW4=?=" <mzeeshan@.community.nospam>
>> >Subject: Exporting data using T-SQL... something opposite of BULK
>INSERT.
>> >Date: Thu, 24 Mar 2005 11:57:03 -0800
>> >Lines: 13
>> >Message-ID: <82D77840-34C2-45F1-8D4B-999B3A27D212@.microsoft.com>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.sqlserver.server
>> >Path: TK2MSFTNGXA03.phx.gbl
>> >Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.sqlserver.server:383149
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>> >X-Tomcat-NG: microsoft.public.sqlserver.server
>> >
>> >Hello-
>> >
>> >We have to export data as part of processing and save it as a flat
>file.
>> >What developers did was to use xp_cmdshell and export data that way.
>> >
>> >It solved that problem but now the account calling it has be a member
>of
>> >System Administration Server Role... a security risk!
>> >
>> >Is there any other way of exporting data... with limited rights?
>> >
>> >--
>> >Regards,
>> >MZeeshan
>> >
>>
>|||Have you considered using DTS ? Unless there are some really really complex
requirement in the export DTS will probably handle anything you need. You
can define a DTS job and allow a user account to run it and avoid the
security problem you described.
"MZeeshan" wrote:
> Hello-
> We have to export data as part of processing and save it as a flat file.
> What developers did was to use xp_cmdshell and export data that way.
> It solved that problem but now the account calling it has be a member of
> System Administration Server Role... a security risk!
> Is there any other way of exporting data... with limited rights?
> --
> Regards,
> MZeeshansql
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment