Click here to monitor SSC
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in
Home       Members    Calendar    Who's On

Add to briefcase

Proxy accounts and principles Expand / Collapse
Posted Wednesday, June 9, 2010 4:22 AM



Group: General Forum Members
Last Login: Thursday, April 7, 2016 7:55 AM
Points: 408, Visits: 1,149
I've set up a job which will use a proxy account.

On the first run of the job I received and error saying the the job owner is not permitted to use the proxy. So under the proxy properties > Principles I added my SQL Login account DOMAIN\Firstname.Surname. and clicked ok.

Tried the job which failed with the same error?

So checked the Proxy account Principles again only to find it had removed my domain account from the principles list?????

I then added sysadmin role to the Proxy Account Principles list (which my account is assigned to) and everything worked fine. I also tried and SQL server login which was fine.

So why does it remove my domain account from the Proxy Account Principles list? (have I missed something??)

- very confused!

MCITP: Business Intelligence Developer (2005)
Post #934505
Posted Wednesday, June 9, 2010 4:39 AM



Group: General Forum Members
Last Login: Thursday, December 1, 2016 11:26 AM
Points: 7,502, Visits: 8,651
I don't use proxies, so I'm just guessing that your problem is the underlined one...

This is what I found in BOL.

Books Online

SQL Server Agent proxies use credentials to store information about Windows user accounts. The user specified in the credential must have "Log on as a batch job" permission on the computer on which SQL Server is running.

SQL Server Agent checks subsystem access for a proxy and gives access to the proxy each time the job step runs. If the proxy no longer has access to the subsystem, the job step fails. Otherwise, SQL Server Agent impersonates the user that is specified in the proxy and runs the job step.

Creation of a proxy does not change the permissions for the user that is specified in the credential for the proxy. For example, you can create a proxy for a user that does not have permission to connect to an instance of SQL Server. In this case, job steps that use that proxy are unable to connect to SQL Server.

A user must have access to a proxy to use the proxy in a job step. Access can be granted to three types of security principals:

SQL Server logins
Server roles
Roles within the msdb database

If the login for the user has access to the proxy, or the user belongs to any role with access to the proxy, the user can use the proxy in a job step.

Brandie Tarvin, MCITP Database Administrator

LiveJournal Blog:
On LinkedIn!, Google+, and Twitter.

Freelance Writer: Shadowrun
Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.
Post #934514
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse