Monday, March 12, 2012

Non sa running jobs?

Is there a way for a user to manage ( run, delete, add ) a job if he has not
got sa permission?
Thanks
AlexAlex,
Yes if the user is a member of the SYSADMIN fixed server role. Note however
that membership of this role should be limited as the role enables a user to
do pretty much anything in SQL Server.
HTH
Jerry
"Alex" <Alex@.discussions.microsoft.com> wrote in message
news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
> Is there a way for a user to manage ( run, delete, add ) a job if he has
> not
> got sa permission?
> Thanks
> Alex|||Thanks for this. But the problem we have is SOX compliance !. Us dba's have
been stripped off sa/SYSADMIN fixed role permission so we can't modify data.
The side effect of this is that there are loads of admin tasks we cannot now
do.
Alex
"Jerry Spivey" wrote:
> Alex,
> Yes if the user is a member of the SYSADMIN fixed server role. Note however
> that membership of this role should be limited as the role enables a user to
> do pretty much anything in SQL Server.
> HTH
> Jerry
> "Alex" <Alex@.discussions.microsoft.com> wrote in message
> news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
> > Is there a way for a user to manage ( run, delete, add ) a job if he has
> > not
> > got sa permission?
> >
> > Thanks
> >
> > Alex
>
>|||Hmmm...that doesn't sound right. You're a DBA but you're not a member of
the SYSADMIN fixed server role? How can you do your job?
"Alex" <Alex@.discussions.microsoft.com> wrote in message
news:AD536297-1152-4F9E-A36A-88171E6FA033@.microsoft.com...
> Thanks for this. But the problem we have is SOX compliance !. Us dba's
> have
> been stripped off sa/SYSADMIN fixed role permission so we can't modify
> data.
> The side effect of this is that there are loads of admin tasks we cannot
> now
> do.
> Alex
>
> "Jerry Spivey" wrote:
>> Alex,
>> Yes if the user is a member of the SYSADMIN fixed server role. Note
>> however
>> that membership of this role should be limited as the role enables a user
>> to
>> do pretty much anything in SQL Server.
>> HTH
>> Jerry
>> "Alex" <Alex@.discussions.microsoft.com> wrote in message
>> news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
>> > Is there a way for a user to manage ( run, delete, add ) a job if he
>> > has
>> > not
>> > got sa permission?
>> >
>> > Thanks
>> >
>> > Alex
>>|||Since we don't want SA running jobs (or being in the Sysadmin group), I set
up a login with win authent, sysadmin to run jobs. No one needs the password
to use; just set this user up as the proxy account (under agent properties,
job system), and if any job owner is not a sysadmin, it defaults to this guy.
HTH, mary
"Alex" wrote:
> Thanks for this. But the problem we have is SOX compliance !. Us dba's have
> been stripped off sa/SYSADMIN fixed role permission so we can't modify data.
> The side effect of this is that there are loads of admin tasks we cannot now
> do.
> Alex
>
> "Jerry Spivey" wrote:
> > Alex,
> >
> > Yes if the user is a member of the SYSADMIN fixed server role. Note however
> > that membership of this role should be limited as the role enables a user to
> > do pretty much anything in SQL Server.
> >
> > HTH
> >
> > Jerry
> > "Alex" <Alex@.discussions.microsoft.com> wrote in message
> > news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
> > > Is there a way for a user to manage ( run, delete, add ) a job if he has
> > > not
> > > got sa permission?
> > >
> > > Thanks
> > >
> > > Alex
> >
> >
> >|||Yes, try telling this to the auditors!
We are very frustrated. If we need to add a job we will need to apply for
permission to log in as sa, after going through multilevel of sign off from
the senior management - all for running a SQL Profile, or creating
maintenance plan !!
and then all actions will be be logged as well.
Alex
"Jerry Spivey" wrote:
> Hmmm...that doesn't sound right. You're a DBA but you're not a member of
> the SYSADMIN fixed server role? How can you do your job?
> "Alex" <Alex@.discussions.microsoft.com> wrote in message
> news:AD536297-1152-4F9E-A36A-88171E6FA033@.microsoft.com...
> > Thanks for this. But the problem we have is SOX compliance !. Us dba's
> > have
> > been stripped off sa/SYSADMIN fixed role permission so we can't modify
> > data.
> > The side effect of this is that there are loads of admin tasks we cannot
> > now
> > do.
> >
> > Alex
> >
> >
> > "Jerry Spivey" wrote:
> >
> >> Alex,
> >>
> >> Yes if the user is a member of the SYSADMIN fixed server role. Note
> >> however
> >> that membership of this role should be limited as the role enables a user
> >> to
> >> do pretty much anything in SQL Server.
> >>
> >> HTH
> >>
> >> Jerry
> >> "Alex" <Alex@.discussions.microsoft.com> wrote in message
> >> news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
> >> > Is there a way for a user to manage ( run, delete, add ) a job if he
> >> > has
> >> > not
> >> > got sa permission?
> >> >
> >> > Thanks
> >> >
> >> > Alex
> >>
> >>
> >>
>
>|||Curious, if the is a reason to suddenly restore a db in the middle of the day
so production activities can resume, is the same process to log in as SA
required?
--
ChrisR
"Alex" wrote:
> Yes, try telling this to the auditors!
> We are very frustrated. If we need to add a job we will need to apply for
> permission to log in as sa, after going through multilevel of sign off from
> the senior management - all for running a SQL Profile, or creating
> maintenance plan !!
> and then all actions will be be logged as well.
> Alex
> "Jerry Spivey" wrote:
> > Hmmm...that doesn't sound right. You're a DBA but you're not a member of
> > the SYSADMIN fixed server role? How can you do your job?
> > "Alex" <Alex@.discussions.microsoft.com> wrote in message
> > news:AD536297-1152-4F9E-A36A-88171E6FA033@.microsoft.com...
> > > Thanks for this. But the problem we have is SOX compliance !. Us dba's
> > > have
> > > been stripped off sa/SYSADMIN fixed role permission so we can't modify
> > > data.
> > > The side effect of this is that there are loads of admin tasks we cannot
> > > now
> > > do.
> > >
> > > Alex
> > >
> > >
> > > "Jerry Spivey" wrote:
> > >
> > >> Alex,
> > >>
> > >> Yes if the user is a member of the SYSADMIN fixed server role. Note
> > >> however
> > >> that membership of this role should be limited as the role enables a user
> > >> to
> > >> do pretty much anything in SQL Server.
> > >>
> > >> HTH
> > >>
> > >> Jerry
> > >> "Alex" <Alex@.discussions.microsoft.com> wrote in message
> > >> news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
> > >> > Is there a way for a user to manage ( run, delete, add ) a job if he
> > >> > has
> > >> > not
> > >> > got sa permission?
> > >> >
> > >> > Thanks
> > >> >
> > >> > Alex
> > >>
> > >>
> > >>
> >
> >
> >|||I don't recall anything in SOX that states that a DBA can not have sa
rights. Someone is taking the wording way beyond it's intent. SQL2005 will
have roles specifically for this but in 2000 it is not that easy.
--
Andrew J. Kelly SQL MVP
"Alex" <Alex@.discussions.microsoft.com> wrote in message
news:AD536297-1152-4F9E-A36A-88171E6FA033@.microsoft.com...
> Thanks for this. But the problem we have is SOX compliance !. Us dba's
> have
> been stripped off sa/SYSADMIN fixed role permission so we can't modify
> data.
> The side effect of this is that there are loads of admin tasks we cannot
> now
> do.
> Alex
>
> "Jerry Spivey" wrote:
>> Alex,
>> Yes if the user is a member of the SYSADMIN fixed server role. Note
>> however
>> that membership of this role should be limited as the role enables a user
>> to
>> do pretty much anything in SQL Server.
>> HTH
>> Jerry
>> "Alex" <Alex@.discussions.microsoft.com> wrote in message
>> news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
>> > Is there a way for a user to manage ( run, delete, add ) a job if he
>> > has
>> > not
>> > got sa permission?
>> >
>> > Thanks
>> >
>> > Alex
>>|||Thanks Mary. This could be the escape route we have been looking for!
Alex
"Mary" wrote:
> Since we don't want SA running jobs (or being in the Sysadmin group), I set
> up a login with win authent, sysadmin to run jobs. No one needs the password
> to use; just set this user up as the proxy account (under agent properties,
> job system), and if any job owner is not a sysadmin, it defaults to this guy.
> HTH, mary
> "Alex" wrote:
> > Thanks for this. But the problem we have is SOX compliance !. Us dba's have
> > been stripped off sa/SYSADMIN fixed role permission so we can't modify data.
> > The side effect of this is that there are loads of admin tasks we cannot now
> > do.
> >
> > Alex
> >
> >
> > "Jerry Spivey" wrote:
> >
> > > Alex,
> > >
> > > Yes if the user is a member of the SYSADMIN fixed server role. Note however
> > > that membership of this role should be limited as the role enables a user to
> > > do pretty much anything in SQL Server.
> > >
> > > HTH
> > >
> > > Jerry
> > > "Alex" <Alex@.discussions.microsoft.com> wrote in message
> > > news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
> > > > Is there a way for a user to manage ( run, delete, add ) a job if he has
> > > > not
> > > > got sa permission?
> > > >
> > > > Thanks
> > > >
> > > > Alex
> > >
> > >
> > >|||Andrew
We can run sa tasks, but we need authorisation every time we need to. its
like working with one of your hands tied.
Alex
"Andrew J. Kelly" wrote:
> I don't recall anything in SOX that states that a DBA can not have sa
> rights. Someone is taking the wording way beyond it's intent. SQL2005 will
> have roles specifically for this but in 2000 it is not that easy.
> --
> Andrew J. Kelly SQL MVP
>
> "Alex" <Alex@.discussions.microsoft.com> wrote in message
> news:AD536297-1152-4F9E-A36A-88171E6FA033@.microsoft.com...
> > Thanks for this. But the problem we have is SOX compliance !. Us dba's
> > have
> > been stripped off sa/SYSADMIN fixed role permission so we can't modify
> > data.
> > The side effect of this is that there are loads of admin tasks we cannot
> > now
> > do.
> >
> > Alex
> >
> >
> > "Jerry Spivey" wrote:
> >
> >> Alex,
> >>
> >> Yes if the user is a member of the SYSADMIN fixed server role. Note
> >> however
> >> that membership of this role should be limited as the role enables a user
> >> to
> >> do pretty much anything in SQL Server.
> >>
> >> HTH
> >>
> >> Jerry
> >> "Alex" <Alex@.discussions.microsoft.com> wrote in message
> >> news:3CD1CB0F-42E8-4DA9-A04C-CBD6AE4845CB@.microsoft.com...
> >> > Is there a way for a user to manage ( run, delete, add ) a job if he
> >> > has
> >> > not
> >> > got sa permission?
> >> >
> >> > Thanks
> >> >
> >> > Alex
> >>
> >>
> >>
>
>

No comments:

Post a Comment