In many instances there is a development team or even a warehouse team that needs to run SSIS packages and you want to store those packages in SQL Server and run them through the SQL Agent Service. You may not; however, want to grant those users/group sysadmin rights to the machine. The following describes my experience in setting this up.
First, you must add the user/group to the DCOM Configuration for “Microsoft SQL Server Integration Services 11.0″ (SQL 2012), which can be found in the Component Services MMC. Right click and choose properties.
You can now add the groups to two security sections–“Launch and Activation Permissions” and “Access Permissions”. It was my experience I had to have them in both groups. I granted full rights in each group.
The final component is to add each user/group to the local group “Distributed COM Users”. It seems like it won’t even authenticate a user for the groups you set earlier unless they are in the local group. This will allow users to connect the Integration Services Instance.
At this point you should restart the Integration Service services.
If you haven’t already, you can go ahead and create your Catalog Database. We won’t go over those steps here–perhaps in another post.
The last step is to allow them to deploy and manage the packages on the servers. I add the group to the SSISDB and grant the role of ssis_admin. Now your teams should be able to function completely within the SSIS parameters and not have permissions to drop database objects or modify security settings.