November 9, 2004 at 10:14 am
Hi there, I've searched this forum but found no previous topics, so here goes.
I'm a dbowner, created a whole bunch of tables and sprocs and views and then a bunch of SQL Svr Agent Jobs.
I created a department_member db role and give select / exec access to all.
Now, I need let someone see (or edit) the jobs that I created, however, I don't seem to find permissions for SQL Svr Agent Jobs in the database.
How can I give someone access to jobs I created and owned?
Thanks in Advance.
November 10, 2004 at 5:02 pm
There is role in MSDB called TargetServersRole that allows members to view jobs. It's undocumented and subject to change in future releases and service packs, but it works now.
Greg
Greg
November 22, 2004 at 10:44 am
I've run into a similar problem myself. The TargetServersRole works well for most things. I had to give a user access to execute jobs, which targetserversRole did not include. I had to create a new role in the MSDB database and manually add execute access to some other stored procedures. I turned on tracing, used EM to execute a job. Then I had to look at what stored procedures were executed to do that task. Then I had to manually go through each of those stored procedures and figure out what dependent stored procedures were inside of those stored procedures. It took a while, but I was able to figure it out and set up the correct permissions. The point is that I could not give the user access the permission to execute jobs without giving him "system Admin" access, which I simply could not allow. It's still a security hole, but it's still better than "system" access.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply