You are administering SQL Server Integration Services (SSIS) permissions on a production server that
runs SQL Server 2012.
Quality Assurance (QA) testers in the company must have permission to perform the following tasks on
specific projects:
View and validate projects and packages
View Environments and Environment variables
Execute packages
You need to grant the minimum possible privileges to the QA testers.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A.
In the SSISDB database, add QA Tester logons to the ssis_admin role.
B.
In the msdb database, add QA Tester logons to the db_ssisoperator role.
C.
Grant Modify permission in the projects to the QA Tester logons.
D.
Grant Read permission in the SSIS catalog folder, the projects, and the Environments to the QA Tester
logons.
E.
Grant Execute permission in the projects to the QA Tester logons.
F.
In the msdb database, add QA Tester logons to the db_ssisItduser role.
It’s correct. Grant read permission does not allow the principal to enumerate or read the contents of other objects contained within the object.
So you have to bea member of db_ssisoperator role to anumerate and view all packages.
https://msdn.microsoft.com/en-us/library/ff878150.aspx
yeah, but that article is talking about the new SSISDB catalog. Answer B is about the MSDB-database, i.e. the pre-2012 way of things for SSIS. Since the question is talking about “View and validate projects and packages” and “View Environments and Environment variables” I think it points to the new SSISDB catalog.
Besides, answer D states granting permission to the Catalog folder, the projects AND the environments. There is no problem with enumeration when you hand out permission separately to all object.
And since they also need to Execute I would say:
Answer D and E
B, D is correct