I am looking for a good idea or best practice for setting up a security plan which allows users to execute a specific job, owned by the SQL Server Agent Service Account.
I tried to use the msdb SQLAgentOperatorRole, but unfortunately I recognized, that every local job could be executed.
I would like to have only one job executed by the user and all others should be visible, but not executable.
What is the best practice for this request? Can Proxies and credentials be helpful and if yes, how do I have to use them?
In other words: what is the best approach for this request (end user should see and start specific jobs in the SQL Server Agent).
Thanks in advance
Norbert
Owner can execute job as well.|||
Thanks for the hint, but I do not want to have this user as an owner. The owner should be another account. This user (developer) should only have the capability to execute jobs we (DBA) provided to him. He should not see ALL jobs nor should he execute ALL jobs. I would like to set permissions in a way that he can start/stop/enable/disable ONE specific job.
Is there an easy way to realize it? Or maybe a more complicated way?
Regards
Norbert
No comments:
Post a Comment