ssms 连接 ssis_在SSMS中手动设置SSIS包加密
ssms 连接 ssis
The whole process of encryption of SSIS packages in SSMS relies on the Import Package and Export Package options; specifically, the combination of performing both of mentioned options in particular order, while choosing and setting the appropriate ProtectionLevel in the process.
SSMS中对SSIS包进行加密的整个过程取决于“导入包”和“导出包”选项。 具体来说,就是在执行过程中选择并设置适当的ProtectionLevel时,以特定顺序执行上述两个选项的组合。
In short, to encrypt a particular package, it must be exported with new credentials specified, and then imported back into specified folder.
简而言之,要加密特定的程序包,必须使用指定的新凭据将其导出,然后再导回到指定的文件夹中。
导入包和导出包选项 (Import Package and Export Package options)
To start the package encryption process, after right clicking on desired package, choose the option ‘Export Package…’
要开始包加密过程,请右键单击所需的包,然后选择“导出包…”选项。
In the dialog below, there are several options to choose, in order to export the selected package. The package location could be located in the SSIS Package Store (which requires input of a server name) or File System.
在下面的对话框中,有几个选项可供选择,以导出选定的软件包。 包位置可以位于SSIS包存储(需要输入服务器名称)或文件系统中。
The package path can be defined by the user as a custom destination path for File System or the destination folder in the Package Store.
包路径可以由用户定义为文件系统或包存储中目标文件夹的自定义目标路径。
To choose the protection level, click the ellipse as shown below,
要选择保护级别,请单击椭圆,如下所示,
and the following dialog will appear:
然后将出现以下对话框:
The Protection level option regards sensitive data, in one case, or all the data included in particular package in other. Data that is considered sensitive is set by default in Integration Services: variables previously marked as delicate, non-changeable XML tags, which are controlled by the SSIS service, and password, which can be considered sensitive if the ‘Encrypt all data with password’ is chosen.
“保护级别”选项在一种情况下涉及敏感数据,在另一种情况下涉及特定数据包中包含的所有数据。 默认情况下,在Integration Services中设置被认为敏感的数据:以前标记为精致,不可更改的XML标记(由SSIS服务控制)的变量和密码,如果“使用密码加密所有数据”,则可以视为敏感数据被选中。
Package protection levels:
包装保护等级:
-
Do not save sensitive data: if sensitive data exists, it will not be included after the exporting of the new package, remaining unavailable;
不要保存敏感数据 :如果存在敏感数据,则在导出新程序包后将不包括敏感数据,使其不可用;
-
Encrypt sensitive data with user key: sensitive data will be encrypted with current user credentials, and package still can be used on local server. Which data will be considered as sensitive, depends on the creator/owner of the package;
使用用户**加密敏感数据 :敏感数据将使用当前用户凭据进行加密,并且程序包仍可以在本地服务器上使用。 哪些数据将被视为敏感数据,取决于数据包的创建者/所有者;
-
Encrypt sensitive data with password: with this level, a password must be provided – this kind of encryption is desirable, if user want to keep only sensitive data private.
用密码加密敏感数据 :在此级别,必须提供密码–如果用户只想将敏感数据保密,则需要这种加密。
-
Encrypt all data with user key: same as the encryption of sensitive data, it can be used on local server, but it regards all the data within the package;
使用用户**加密所有数据 :与敏感数据的加密相同,可以在本地服务器上使用它,但是它会考虑包中的所有数据;
-
Encrypt all data with password: this level encrypts all data within the package, password is required, and it provides a 100% privacy;
用密码加密所有数据 :此级别加密程序包中的所有数据,需要密码,并提供100%的隐私;
导出包 (Exporting packages)
The examples provided will be encrypted with passwords
提供的示例将使用密码进行加密
There is a determined Package path within File System (in this case, on local D:\ disk, for testing purposes, and to provide visibility of exported package path), and the Protection level will be set to Encrypt sensitive data with password:
文件系统中有一个确定的包路径(在这种情况下,在本地D:\磁盘上,用于测试目的,并提供导出包路径的可见性),并且“保护”级别将设置为“使用密码加密敏感数据” :
The same process is applied on exported packages when setting the Encrypt all data with password Protection level.
设置使用密码保护级别加密所有数据时,对导出的软件包执行相同的过程。
导入回加密的软件包 (Importing back the encrypted package)
To confirm the successful encryption (or to show the example of preventing the unauthorized usage), import back the new package.
要确认加密成功(或显示防止未经授权的使用的示例),请导入回新软件包。
The following window will appear:
将出现以下窗口:
While importing the encrypted package, the Protection level must be selected again. The primary option is to keep the protection level of the original package. In that state, the next step is providing valid credentials:
导入加密的程序包时,必须再次选择保护级别。 主要选项是保持原始包装的保护级别。 在这种状态下,下一步是提供有效的凭据:
If valid credentials are not provided, the dialog will reappear with following addition in message:
如果未提供有效的凭据,该对话框将重新出现,并在消息中添加以下内容:
Here are the other options within Protection level, while importing:
导入时,以下是“保护”级别中的其他选项:
They are similar to Protection levels while exporting, with the edition of Rely on server storage and roles for access control.
它们与导出时的保护级别相似,版本依赖服务器存储和访问控制角色 。
With providing valid credentials, the new package is added to the Integration Services:
通过提供有效的凭证,新软件包将添加到Integration Services中:
参考资料 (References)
- Access Control for Sensitive Data in Packages 包裹中敏感数据的访问控制
- Set or Change the Protection Level of Packages 设置或更改包装的保护等级
- dtutil Utility dtutil实用程序
翻译自: https://www.sqlshack.com/setting-ssis-package-encryption-manually-in-ssms/
ssms 连接 ssis