When I set permissions on an SSIS package (ProtectionLevel) & I enter a PackagePassword, then when I open the package on my computer, it does not prompt me for a password.
Am I doing something wrong?
You are probably not doing anything wrong. Here’s some things I’ve learned about SSIS package security:
If you set the Package ProtectionLevel property to EncryptSensitiveWithPassword and supply a password, the package will behave as you describe – if and only if there is nothing considered “sensitive” in the package. Essentially, the setting is ignored (although the property setting is retained) until there’s something SSIS considers “sensitive” present.
SSIS decides what is and is not sensitive. Passwords, for example, are sensitive. If you connect to data sources and use Windows Authentication, these connections are not sensitive. If you changed your connection manager to use a SQL Login which requires a password, the EncryptSensitiveWithPassword setting would suddenly begin to function as expected (because it now it has something sensitive to protect). (I recommend using Windows Authentication because I’m lazy and want to push login/password maintenance to the server and network admins… I also hear it’s a best practice…)
If you want to limit access to your SSIS package, use the EncryptAllWithPassword ProtectionLevel property setting. This will require anyone accessing the password – for editing or execution – to supply the password.
Hope this helps.