Is there a way for a user to manage ( run, delete, add ) a job if he has not
got sa permission?
Thanks
Alex
Alex,
Yes if the user is a member of the SYSADMIN fixed server role. Note however
that membership of this role should be limited as the role enables a user to
do pretty much anything in SQL Server.
HTH
Jerry
"Alex" <Alex@.discussions.microsoft.com> wrote in message
news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
> Is there a way for a user to manage ( run, delete, add ) a job if he has
> not
> got sa permission?
> Thanks
> Alex
|||Thanks for this. But the problem we have is SOX compliance !. Us dba's have
been stripped off sa/SYSADMIN fixed role permission so we can't modify data.
The side effect of this is that there are loads of admin tasks we cannot now
do.
Alex
"Jerry Spivey" wrote:
> Alex,
> Yes if the user is a member of the SYSADMIN fixed server role. Note however
> that membership of this role should be limited as the role enables a user to
> do pretty much anything in SQL Server.
> HTH
> Jerry
> "Alex" <Alex@.discussions.microsoft.com> wrote in message
> news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
>
>
|||Hmmm...that doesn't sound right. You're a DBA but you're not a member of
the SYSADMIN fixed server role? How can you do your job?
"Alex" <Alex@.discussions.microsoft.com> wrote in message
news:AD536297-1152-4F9E-A36A-88171E6FA033@.microsoft.com...[vbcol=seagreen]
> Thanks for this. But the problem we have is SOX compliance !. Us dba's
> have
> been stripped off sa/SYSADMIN fixed role permission so we can't modify
> data.
> The side effect of this is that there are loads of admin tasks we cannot
> now
> do.
> Alex
>
> "Jerry Spivey" wrote:
|||Since we don't want SA running jobs (or being in the Sysadmin group), I set
up a login with win authent, sysadmin to run jobs. No one needs the password
to use; just set this user up as the proxy account (under agent properties,
job system), and if any job owner is not a sysadmin, it defaults to this guy.
HTH, mary
"Alex" wrote:
[vbcol=seagreen]
> Thanks for this. But the problem we have is SOX compliance !. Us dba's have
> been stripped off sa/SYSADMIN fixed role permission so we can't modify data.
> The side effect of this is that there are loads of admin tasks we cannot now
> do.
> Alex
>
> "Jerry Spivey" wrote:
|||Yes, try telling this to the auditors!
We are very frustrated. If we need to add a job we will need to apply for
permission to log in as sa, after going through multilevel of sign off from
the senior management - all for running a SQL Profile, or creating
maintenance plan !!
and then all actions will be be logged as well.
Alex
"Jerry Spivey" wrote:
> Hmmm...that doesn't sound right. You're a DBA but you're not a member of
> the SYSADMIN fixed server role? How can you do your job?
> "Alex" <Alex@.discussions.microsoft.com> wrote in message
> news:AD536297-1152-4F9E-A36A-88171E6FA033@.microsoft.com...
>
>
|||Curious, if the is a reason to suddenly restore a db in the middle of the day
so production activities can resume, is the same process to log in as SA
required?
ChrisR
"Alex" wrote:
[vbcol=seagreen]
> Yes, try telling this to the auditors!
> We are very frustrated. If we need to add a job we will need to apply for
> permission to log in as sa, after going through multilevel of sign off from
> the senior management - all for running a SQL Profile, or creating
> maintenance plan !!
> and then all actions will be be logged as well.
> Alex
> "Jerry Spivey" wrote:
|||I don't recall anything in SOX that states that a DBA can not have sa
rights. Someone is taking the wording way beyond it's intent. SQL2005 will
have roles specifically for this but in 2000 it is not that easy.
Andrew J. Kelly SQL MVP
"Alex" <Alex@.discussions.microsoft.com> wrote in message
news:AD536297-1152-4F9E-A36A-88171E6FA033@.microsoft.com...[vbcol=seagreen]
> Thanks for this. But the problem we have is SOX compliance !. Us dba's
> have
> been stripped off sa/SYSADMIN fixed role permission so we can't modify
> data.
> The side effect of this is that there are loads of admin tasks we cannot
> now
> do.
> Alex
>
> "Jerry Spivey" wrote:
|||Thanks Mary. This could be the escape route we have been looking for!
Alex
"Mary" wrote:
[vbcol=seagreen]
> Since we don't want SA running jobs (or being in the Sysadmin group), I set
> up a login with win authent, sysadmin to run jobs. No one needs the password
> to use; just set this user up as the proxy account (under agent properties,
> job system), and if any job owner is not a sysadmin, it defaults to this guy.
> HTH, mary
> "Alex" wrote:
|||Andrew
We can run sa tasks, but we need authorisation every time we need to. its
like working with one of your hands tied.
Alex
"Andrew J. Kelly" wrote:
> I don't recall anything in SOX that states that a DBA can not have sa
> rights. Someone is taking the wording way beyond it's intent. SQL2005 will
> have roles specifically for this but in 2000 it is not that easy.
> --
> Andrew J. Kelly SQL MVP
>
> "Alex" <Alex@.discussions.microsoft.com> wrote in message
> news:AD536297-1152-4F9E-A36A-88171E6FA033@.microsoft.com...
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment