Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Who should own jobs in SQL Server 2005

Status
Not open for further replies.

katbear

Programmer
Mar 14, 2007
270
US
Hi,

Who should own job in SQL Server 2005? Currently, I have set up a couple new jobs, the owner is a windows login with administrative privileges on the server. So the job runs fine.

When I tried to change the owner to a non-admin user, the job failed, stating that I needed to set up proxy permissions or something to that effect. So I left the owner as the admin user.

Is that ok, or even the preferred owner of jobs?

Also -
One of my job steps is calling an SSIS package. On the "general" tab, it shows that it will run the package as the SQL Server Agent, and then there is a section "Log on to Server" where you select windows or sql server login info. In this case, I the SQL Server agent is a different windows account than the job owner... so who is logging in at the package level - the job owner or the SQL Server agent account?

Thanks very much
 
It really depends on what you mean by "Admin". I have a windows user account (regular vanilla) that doesn't have Domain Admin privledges, but is SysAdmin in SQL which we use for my SQL Server Agent account. We change job owners to that same account so that everything is consistant and works properly.

As far as OS admin privledges go, if you don't have any jobs which require access to the file system, I don't recommend using this. And even if you do, I recommend doing Share permissions for the user account rather than making it part of the local OS's Admin group. That's if you can get away with. Sometimes you just have to bite the bullet and have local OS admin and SysAdmin.

But I NEVER recommend Domain Admin being on any of your SQL accounts.



Catadmin - MCDBA, MCSA
"No, no. Yes. No, I tried that. Yes, both ways. No, I don't know. No again. Are there any more questions?"
-- Xena, "Been There, Done That"
 
I typically setup jobs to run as a non-privilaged application account. Each application will have a domain account, and we'll grant that account rights into the SQL Server just for the purpose of running the job.

The account gets the minimum rights needed to do it's work with no additional rights.

The exceptions to that are the DBA jobs which usually need sysadmin rights anyway, so they are run as the account which runs the SQL Server Service.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top