July 8, 2015 at 12:37 am
It is quite common to grant sysadmin to the login that runs the agent. Is it possible to limit this?
Of course I tried, but I failed. 🙂
July 10, 2015 at 9:16 am
pven (7/8/2015)
It is quite common to grant sysadmin to the login that runs the agent. Is it possible to limit this? Of course I tried, but I failed. 🙂
It shouldn't be common, and it certainly is not a best practice to do so. The service id for the SQL Agent should be a domain user with no special privileges. You can then add that domain user to the various domain level groups that control access to various resources, such as network shares that might need to be accessed by the various jobs. You may also need to include it in groups granted access to do backups or maintenance plans, or other administrative tasks.
You didn't say what exactly "but I failed" means. Nor did you specify what "I tried" means, exactly. You'll have to be more specific to be able to get much in the way of useful assistance.
Steve (aka sgmunson) 🙂 🙂 🙂
July 12, 2015 at 2:29 pm
No, the account that uses SQL Agent must be a member of the sysadmin role. https://msdn.microsoft.com/en-us/library/ms191543.aspx
July 12, 2015 at 2:52 pm
e4d4 (7/12/2015)
No, the account that uses SQL Agent must be a member of the sysadmin role. https://msdn.microsoft.com/en-us/library/ms191543.aspx
Not sure why this recommendation is being made by MS.
I have never granted sysadmin to the SQL agent account. It's part of the public group and that's about it.
Michael L John
If you assassinate a DBA, would you pull a trigger?
To properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
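To see where a given instance stands on the question debated in this thread, the following T-SQL reports the account the SQL Server Agent service runs under and whether it is in sysadmin, then lists every sysadmin member. It is an added example, not code from any poster; it assumes permission to read `sys.dm_server_services` (VIEW SERVER STATE) and that the Agent service name begins with "SQL Server Agent".

```sql
-- 1) Which Windows account runs the SQL Server Agent service,
--    and is that account a member of the sysadmin fixed server role?
--    IS_SRVROLEMEMBER returns 1 = member, 0 = not a member,
--    NULL = the role or login name is not valid on this instance.
SELECT  s.servicename,
        s.service_account,
        s.status_desc,
        IS_SRVROLEMEMBER('sysadmin', s.service_account) AS is_sysadmin
FROM    sys.dm_server_services AS s
WHERE   s.servicename LIKE N'SQL Server Agent%';

-- 2) Everyone who holds sysadmin, so the Agent account can be compared
--    against the full list and unexpected members stand out.
SELECT  m.name        AS member_name,
        m.type_desc   AS member_type,   -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
        m.is_disabled,
        m.create_date
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r
        ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m
        ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;
```

A WINDOWS_GROUP row in the second result means sysadmin can also be held through group membership, so the Agent account may not appear there by name even when the first query reports 1.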