grant permissions to view SQL Server agent.

  • Hi all,

    I am not able to see the sql server agent.

    But, when I login as a sysadmin I am able to see.

    Can anyone help me on how to provide read access to sql server agent

    so that when I logon as a datareader I need to be able to view SQLserver agent.

    Only read or view permissions.

    Thanks .

  • You have to be member of some fixed database roles in msdb to see sql agent.

    See here:

    http://msdn.microsoft.com/en-us/library/ms188283.aspx

    -- Gianluca Sartori

  • Ok. I just need viewable permissions on the sql agent.

    So, what role would be the best to grant least permissions

    so that user can only be able to view the sql server agent and cannot make any changes to other jobs or schedules.

  • SQLAgentUserRole is the least privileged of the SQL Server Agent fixed database roles.

    It still can start/stop jobs, but owned ones only.

    -- Gianluca Sartori

  • Ok.

    I configured it to SQLAgentReader Role.

    and do you think we have any major difference between

    SQLAgentUserRole and SQLAgentReader

  • It's explained in detail in the BOL page I posted.

    SQLAgentReaderRole has some more privileges than SQLAgentUserRole.

    -- Gianluca Sartori

  • All these look great. But how can I deny users execute, update, delete.... and only have viewing of the jobs?

  • Grant the SQLAgentReaderRole and set the job owner to a different user.

    That way, users can only see the jobs, but cannot start/stop/modify them.

    -- Gianluca Sartori

  • All I need now is to not allow updates to existing jobs

    Any ideas?

    USE msdb;

    CREATE ROLE JobsViewer AUTHORIZATION db_securityadmin;

    GO

    use msdb

    EXECUTE sp_addrolemember 'JobsViewer', 'johntest1'

    DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_job TO JobsViewer

    DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_jobserver TO JobsViewer

    DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_jobstep TO JobsViewer

    DENY EXECUTE ON OBJECT::msdb.dbo.sp_update_job TO JobsViewer

    DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_jobschedule TO JobsViewer

    DENY EXECUTE ON OBJECT::msdb.dbo.sp_delete_job TO JobsViewer

  • I know this is an old post but I have to Grant an individual permission to manage SQL Server Jobs.

    That is Create, Modify Drop, etc.

    Do I need to create a credential and a Proxy to do this?

    Thanks.

    For better, quicker answers on T-SQL questions, click on the following...
    http://www.sqlservercentral.com/articles/Best+Practices/61537/

    For better answers on performance questions, click on the following...
    http://www.sqlservercentral.com/articles/SQLServerCentral/66909/

  • No, credentials and proxy are for execution, not for managing the jobs.

    The builtin roles are for managing jobs. Set the owner of the job to the user you need to manage it, then assign the owner to one of the builtin sqlAgent roles.

    -- Gianluca Sartori

  • They need to be able to create Jobs.

    I tried assigning Fixed Database Rolls but that did not work.

    For better, quicker answers on T-SQL questions, click on the following...
    http://www.sqlservercentral.com/articles/Best+Practices/61537/

    For better answers on performance questions, click on the following...
    http://www.sqlservercentral.com/articles/SQLServerCentral/66909/

Viewing 12 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic. Login to reply