July 2, 2010 at 8:32 am
Hi all,
I am not able to see the sql server agent.
But, when I login as a sysadmin I am able to see.
Can anyone help me on how to provide read access to sql server agent
so that when I logon as a datareader I need to be able to view SQLserver agent.
Only read or view permissions.
Thanks .
July 2, 2010 at 8:55 am
You have to be member of some fixed database roles in msdb to see sql agent.
See here:
http://msdn.microsoft.com/en-us/library/ms188283.aspx
-- Gianluca Sartori
July 2, 2010 at 9:58 am
Ok. I just need viewable permissions on the sql agent.
So, what role would be the best to grant least permissions
so that user can only be able to view the sql server agent and cannot make any changes to other jobs or schedules.
July 2, 2010 at 10:26 am
SQLAgentUserRole is the least privileged of the SQL Server Agent fixed database roles.
It still can start/stop jobs, but owned ones only.
-- Gianluca Sartori
July 2, 2010 at 3:03 pm
Ok.
I configured it to SQLAgentReader Role.
and do you think we have any major difference between
SQLAgentUserRole and SQLAgentReader
July 5, 2010 at 1:06 am
It's explained in detail in the BOL page I posted.
SQLAgentReaderRole has some more privileges than SQLAgentUserRole.
-- Gianluca Sartori
November 14, 2012 at 4:14 pm
All these look great. But how can I deny users execute, update, delete.... and only have viewing of the jobs?
November 14, 2012 at 5:24 pm
Grant the SQLAgentReaderRole and set the job owner to a different user.
That way, users can only see the jobs, but cannot start/stop/modify them.
-- Gianluca Sartori
November 15, 2012 at 8:07 am
All I need now is to not allow updates to existing jobs
Any ideas?
USE msdb;
CREATE ROLE JobsViewer AUTHORIZATION db_securityadmin;
GO
use msdb
EXECUTE sp_addrolemember 'JobsViewer', 'johntest1'
DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_job TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_jobserver TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_jobstep TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_update_job TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_jobschedule TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_delete_job TO JobsViewer
July 28, 2016 at 1:06 pm
I know this is an old post but I have to Grant an individual permission to manage SQL Server Jobs.
That is Create, Modify Drop, etc.
Do I need to create a credential and a Proxy to do this?
Thanks.
For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
July 29, 2016 at 2:30 am
No, credentials and proxy are for execution, not for managing the jobs.
The builtin roles are for managing jobs. Set the owner of the job to the user you need to manage it, then assign the owner to one of the builtin sqlAgent roles.
-- Gianluca Sartori
July 29, 2016 at 5:03 am
They need to be able to create Jobs.
I tried assigning Fixed Database Rolls but that did not work.
For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
Viewing 12 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic. Login to reply