Secure Development (Integration Services)
As at every stage in the life cycle of an Integration Services package, you can enhance security when you design and modify packages in BI Development Studio by implementing these measures:
Ensure that you only open and run packages from trusted sources.
In regards to development, this means identifying the source of packages by signing them with digital certificates.
Ensure that only authorized users open and run packages.
In regards to development, this means that you should use the security features available in Integration Services, SQL Server, and the file system to achieve the following goals:
Protect the contents of packages by setting the protection level of the package.
Control access to both the packages and the additional files that are associated with those packages by using file system security.
Identify the Source of Packages by Using Digital Signatures
You can sign a package with a digital certificate that identifies the individual or the organizational unit that created or last modified the package. Then, you can specify optional settings in BI Development Studio or in the registry to have Integration Services perform the following actions:
Require a valid and trusted signature for the package.
Check the signature when Integration Services opens a package
Warn about or reject unsigned packages.
For more information about digital signatures, see the following topics:
Protect the Contents of Packages by Setting the Protection Level
By setting the ProtectionLevel property of a package, you can encrypt any sensitive data that packages contain, such as passwords, or all the contents of packages. For example, you can set the following protection levels:
You can remove sensitive data completely by selecting the DontSaveSensitive option.
You can ensure that only you can see the sensitive data by selecting the EncryptSensitiveWithUserKey option.
You can ensure that only you can load and run the package by selecting the EncryptAllWithUserKey option.
You can ensure that only those who provide a password can see the sensitive data by selecting the EncryptSensitiveWithPassword option.
You can ensure that only those who provide a password can load and run the package by selecting the EncryptAllWithPassword option.
For more information about the protection level, see Setting the Protection Level of Packages.
Control Access to Packages and to Files Created or Used by Packages
During the development phase, Integration Services packages are saved as files in the file system. You can use the security features available in Microsoft Windows, and the access control lists (ACLs) available in the file system, to control access to these stored packages.
When you test your packages, those packages sometimes create additional files, such as configuration files, log files, and checkpoint files. These files might also contain sensitive data. For more information about how to control access to these additional files, see Controlling Access to Files Used by Packages.