This blog post is basic in nature but highlights a very real requirement that may arise when administering replication. Occasionally we, as Database Administrators, need to grant non-administrator business users the ability to run replication agent jobs due to business needs. Instead of giving the business user the ability to execute/stop/start jobs by adding them to a SQL Server Agent fixed database role, it is probably wise to limit the business user to execute only the replication agent job in question.
For example, if we want to give a business user the ability to run only the Snapshot Agent job – first, we can create a stored procedure RunSnapshotAgent that runs the Snapshot Agent job, using WITH EXECUTE AS to run the stored procedure as the database owner:
CREATE PROCEDURE dbo.RunSnapshotAgent WITH EXECUTE AS 'snapshotagent_job_owner' AS EXEC sp_start_job @job_name = 'snapshot_agent_job' GO |
Where 'snapshot_job_owner' is the snapshot agent job owner and 'snapshot_agent_job' is the snapshot agent job name.
Next, we can create a role named snapshot_executor, and add the business user to that role:
CREATE ROLE snapshot_executor; EXEC sp_addrolemember @rolename = 'snapshot_executor', @membername = 'BUSINESSUSER1'; GO |
Where ‘BUSINESSUSER1’ is the business user’s login.
Then, grant execute rights for the RunSnapshotAgent stored procedure to the snapshot_executor role to allow the business user to start only the snapshot agent job:
GRANT EXEC ON dbo.RunSnapshotAgent TO snapshot_executor; GO |
After creating the stored procedure, creating the role, and adding the business user to that role; the business user can then execute the RunSnapshotAgent stored procedure to run only the Snapshot Agent:
EXEC dbo.RunSnapshotAgent; GO |