MTS provides a method of security known as Role-based security.
Before the security features of MTS can be exploited, a package must first be
configured to use security. Although we will not look at the details of how to
use Rolebased security until the next chapter, there is one security configuration
setting available in the package properties worth reviewing.
Though Role-based security is handled at the component level,
not the package level, it still must be activated at the package level. To achieve
this, you must enable Authorization tracking by executing the following steps:
STEP BY STEP
15.7 Enabling Authorization Tracking
Select the Package from the MTS Explorer for which you want to enable Role-based
Right-click on the package and select Properties.
Click on the tab labeled Security (see Figure 15.13).
FIGURE 15.13 The Security tab in the package properties allows you to enable
Click on the check box labeled Enable authorization checking.
Right-click on the package and select Shut down. This will cause the component
settings to be refreshed, and security settings will be active.
FIGURE 15.14 The Identity settings for the package define which NT security
context package components will run locally and on the network.
Another very important security setting is the Identity setting.
This is a setting assigned at the package level that determines the security context
under which the components in the package will be running. In other words, the
components will be identified as the user in this property for any action it takes.
This includes network calls, file handles, database connections, and so on. The
user assigned to the Identity setting can be any valid local or NT domain user,
or it can automatically be set to whomever is interactively logged onto the computer.
So, for example, if the Package identity is assigned to the Administrator domain
account, then components will be capable of doing anything in the enterprise that
the Administrator can. Alternatively, if you choose a package that will use the
identity of the logged in user, there is the possibility that the user might not
have the appropriate rights on the network needed by a member component such as
file permissions or database permissions. In this case, unexpected errors can
occur, so it is a good idea to consider the implications of the Identity settings.
If you right-click on a package and select Properties, the Identity setting
is under the Identity tab, as in Figure 15.14. One important thing to note is
that MTS does not verify that the password assigned to the user listed in the
Identity dialog box is correct. If the wrong password is entered and a user attempts
to use a component in this package, a runtime error will occur.