February 28, 2012 at 2:36 pm
I can't remember the role off hand
______________________________________________________________________________Never argue with an idiot; Theyll drag you down to their level and beat you with experience
February 28, 2012 at 3:03 pm
Are you thinking of the SQL Agent database roles in msdb i.e SQLAgentOperatorRole, SQLAgentReaderRole, SQLAgentUserRole? Users shouldn't be able to run jobs by default unless they're members of sysadmin, so maybe there's more to your question than I can see.
Greg
February 28, 2012 at 10:52 pm
Greg Charles (2/28/2012)
Are you thinking of the SQL Agent database roles in msdb i.e SQLAgentOperatorRole, SQLAgentReaderRole, SQLAgentUserRole? Users shouldn't be able to run jobs by default unless they're members of sysadmin, so maybe there's more to your question than I can see.
No this was what I was wondering (thanks)
We have several roles/groups to control access on this specific server. Some time ago a specific user group was granted SQLAgentOperatorRole, SQLAgentReaderRole, SQLAgentUserRole from the msdb level, and for the life of me I couldn't remember what those where when I made this post.
Revoking Operator and User should accomplish what I need (which is to prohibit users from this group from starting jobs)
______________________________________________________________________________Never argue with an idiot; Theyll drag you down to their level and beat you with experience
February 29, 2012 at 10:33 am
Granting users membership in all three roles was redundant because the roles are hierarchical. SQLAgentReaderRole has all the SQLAgentUserRole permissions plus permissions to see multiserver jobs. SQLAgentOperatorRole has all the SQLAgentUserRole and SQLAgentReaderRole permissions plus permission to view operators and proxies.
All three roles allow members to start jobs they own - only jobs they own.
Greg
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply