But, if you change the user that runs the engine AFTER the installation is complete, these permissions are not applied automatically. So it is important to remember to set these privileges.
Here is a script that helps you to determine which privileges you need to give. Depending of your SQL Server configuration, some may not be needed.
DECLARE @Res TABLE ( [output] NVARCHAR(255) ); INSERT INTO @Res EXEC xp_cmdshell 'WHOAMI'; SELECT 'MSSQL engine runs with user ' + output FROM @Res WHERE output IS NOT NULL DELETE FROM @Res INSERT INTO @Res EXEC xp_cmdshell 'WHOAMI /PRIV'; SELECT rp.PrivilegeName, RTRIM(LTRIM(REPLACE(r.output, rp.PrivilegeName, ''))) AS PrivilegeStatus FROM @Res r INNER JOIN ( VALUES ( 'SeAssignPrimaryTokenPrivilege' ), ( 'SeChangeNotifyPrivilege' ), ( 'SeIncreaseQuotaPrivilege' ), ( 'SeLockMemoryPrivilege' ) ) rp ( PrivilegeName ) ON r.output LIKE '%' + rp.PrivilegeName + '%'
Under Security Settings / Local Policies / User Rights Assignment, you can find the privileges mentioned above. Open each one that is disabled, and add the MSSQL engine user.
A reboot of server may be required for changes to take effect.
Resources:
- https://www.oraylis.de/blog/fixing-sql-2012-ssis-deployment-error-6522-a-required-privilege-is-not-held-by-the-client
- https://dba.stackexchange.com/questions/82000/how-can-i-reliably-determine-if-a-given-sql-server-instance-has-the-lock-pages
- https://docs.microsoft.com/fr-fr/sql/database-engine/configure-windows/configure-windows-service-accounts-and-permissions?view=sql-server-2017
No comments:
Post a Comment