Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Individual users as Owners Expand / Collapse
Author
Message
Posted Tuesday, June 10, 2014 11:21 AM
Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Yesterday @ 11:28 AM
Points: 553, Visits: 1,618
As we know, when databases and SQL Agent jobs are created the owner is set by default to the user who created them. We've changed many of these to sa or an appropriate AD Service Account, but there are still several objects scattered among many instances where objects are owned by individules' Windows logins.

At this time we're facing a reorganization where the existing DBAs are being laid off and replaced by outsourced DBA support. How much of a problem is this (for the database processes that is)?

My underdanding of what "owner" means is that the owner can access these objects while bypassing normal secuity checks. If that is all, then will everything continue to work when the AD accounts are disabled? How about Agent Jobs? What other gotchas are when individual's accounts are disabled? (Not that it will be my problem when this happens, but while I'm still here I do feel responsible to prevent future issues).
Post #1579334
Posted Tuesday, June 10, 2014 1:17 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 1:09 PM
Points: 13,731, Visits: 10,689
If I recall it correctly, some SQL Server Agent jobs owned by the DBA at a previous project started giving issues when the DBA was fired and his account was removed.



How to post forum questions.
Need an answer? No, you need a question.
What’s the deal with Excel & SSIS?

Member of LinkedIn. My blog at LessThanDot.

MCSA SQL Server 2012 - MCSE Business Intelligence
Post #1579382
Posted Wednesday, June 11, 2014 3:09 AM
SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Today @ 3:44 AM
Points: 2,059, Visits: 1,429
Koen Verbeeck (6/10/2014)
If I recall it correctly, some SQL Server Agent jobs owned by the DBA at a previous project started giving issues when the DBA was fired and his account was removed.


Yes, you'll get a message in the SQL Agent log along the lines of: "unable to determine if domain\account has server access."

Regards
Lempster

EDIT: Added missing closing quote marks.
Post #1579538
Posted Wednesday, June 11, 2014 3:28 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 12:15 PM
Points: 43,017, Visits: 36,179
It can be a problem when the domain account is removed. For databases most things will work, then a few things (like replication) will give odd error messages. Jobs may or may not run depending what they need to access.


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1579548
Posted Thursday, June 12, 2014 6:45 AM
Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Thursday, September 4, 2014 3:11 PM
Points: 760, Visits: 2,206
We had one here a few years ago. There was a consultant that designed a database and application for us. A few months after he left, his AD account was removed and the jobs stopped working altogether (I don't remember the exact error message). Once we changed the job owner, everything worked again.

ETA: This was in SQL 2005.




The opinions expressed herein are strictly personal and do not necessarily reflect the views or policies of my employer.
Post #1580015
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse