In this article, we will show you the list of available SSIS Package Protection Level, and how to apply those setting with example. For this SSIS Package Protection Level demonstration, we use following Integration Service package.
You can find the list of SSIS protection levels under the package properties. Please go to the package properties, and then under the Security tab, you can find the Protection Level property. It is the property that you are going to use to protect your package. Following is the list SSIS Package Protection Level:
- DontSaveSensitive: This option will not save any sensitive information in the package. So, if a different user opens the package, the confidential information (passwords) is replaced with a blank.
- EncryptSensitiveWithUserKey: This option encrypts the sensitive information using the current user settings. The current user means windows users where the BIDS is running.
- EncryptSensitiveWithPassword: It will encrypt the sensitive information using the password, and save that encrypted information in the package. Password for confidential data provided by using the PackagePassword property
- EncryptAllWithPassword: This SSIS Package Protection Level option encrypts the whole package using a password. And you have to use the PackagePassword property to assign a password. When you open the package in designer, or to run the package with this option, then you have to provide the password.
- EncryptAllWithUserKey: This option uses the current user settings to encrypt the whole package. For example, if Tutorial Gateway is a user that created, or exported package 1, then he can only open, or run that package.
Please refer to the SSIS LOGGING to understand the package configurations.
SSIS Package Protection Level Example
To demonstrate the protection levels in the SSIS package, we will create an OLE DB Connection Manager after changing the Protection level. First, let me try with DontSaveSensitive. To create a connection, Right-click on the control flow region will open the context menu. Please select the New Connection.. option from it.
When you select the New Connection.. option, an Add SSIS Connection Manager window form will open. Here we selected the OLE DB connection manager and chose the new connection.
Clicking the new button will open the Connection Manager window. From the below screenshot, you can observe that we are using PRASAD as the instance, and provided the username and password for SQL authentication. And we selected [AdventureWorks2014] as the database name.
Click OK to close the configuration settings
Now, let me double-click on the newly created OLE DB Connection manager. As you can, it is not showing the password, although we check marked the Save my password option
You can check the same in the XML file.
Let me change the SSIS Package Protection level to EncryptSensitiveWithPassword. If you select this option, you have to provide the password to encrypt the sensitive data. To assign the password, please click … button beside the Package password.
Once you click on the … a new window will pop up, asking you to provide the password. As you can see, we had given a random password
Now you can see the encrypted information inside the XML file.
If you changed the SSIS Package Protection level to EncryptAllWithPassword and provided the password, then the XML file looks like the following image. It will not show any information to the user. Everything is encrypted.
When you open the package with protection level EncryptAllWithPassword or EncryptSensitiveWithPassword, the following pop up window opened. You have to provide the password to run the package