Proxy accounts and principles

Click here to monitor SSC

<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>

SQLServerCentral is supported by Red Gate Software Ltd.

Log in :: Register :: Not logged in

<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>

Recent Posts

Popular Topics

Home

Home » SQL Server 2005 » Administering » Proxy accounts and principles

Add to briefcase

Proxy accounts and principles

Expand / Collapse

Author

Message

Posted Wednesday, June 09, 2010 4:22 AM

Old Hand

Group: General Forum Members
Last Login: Thursday, June 13, 2013 5:09 AM
Points: 380, Visits: 1,020

I've set up a job which will use a proxy account.

On the first run of the job I received and error saying the the job owner is not permitted to use the proxy. So under the proxy properties > Principles I added my SQL Login account DOMAIN\Firstname.Surname. and clicked ok.

Tried the job which failed with the same error?

So checked the Proxy account Principles again only to find it had removed my domain account from the principles list?????

I then added sysadmin role to the Proxy Account Principles list (which my account is assigned to) and everything worked fine. I also tried and SQL server login which was fine.

So why does it remove my domain account from the Proxy Account Principles list? (have I missed something??)

- very confused!

_____________________________________________________________________________
MCITP: Business Intelligence Developer (2005)

Post #934505

Posted Wednesday, June 09, 2010 4:39 AM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 9:57 AM
Points: 6,724, Visits: 5,796

I don't use proxies, so I'm just guessing that your problem is the underlined one...

This is what I found in BOL.

Books Online

SQL Server Agent proxies use credentials to store information about Windows user accounts. The user specified in the credential must have "Log on as a batch job" permission on the computer on which SQL Server is running.

SQL Server Agent checks subsystem access for a proxy and gives access to the proxy each time the job step runs. If the proxy no longer has access to the subsystem, the job step fails. Otherwise, SQL Server Agent impersonates the user that is specified in the proxy and runs the job step.

Creation of a proxy does not change the permissions for the user that is specified in the credential for the proxy. For example, you can create a proxy for a user that does not have permission to connect to an instance of SQL Server. In this case, job steps that use that proxy are unable to connect to SQL Server.

A user must have access to a proxy to use the proxy in a job step. Access can be granted to three types of security principals:

SQL Server logins
Server roles
Roles within the msdb database

If the login for the user has access to the proxy, or the user belongs to any role with access to the proxy, the user can use the proxy in a job step.

Brandie Tarvin, MCITP Database Administrator, MCDBA, MCSA

Webpage: http://www.BrandieTarvin.net
LiveJournal Blog: http://brandietarvin.livejournal.com/
On LinkedIn!, Google+, and Twitter.

Freelance Writer: Shadowrun
Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

Post #934514

« Prev Topic | Next Topic »

Add to briefcase

Permissions

Expand / Collapse