Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

grant permissions to view SQL Server agent. Expand / Collapse
Author
Message
Posted Friday, July 2, 2010 8:32 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Thursday, August 14, 2014 10:53 AM
Points: 72, Visits: 456
Hi all,

I am not able to see the sql server agent.
But, when I login as a sysadmin I am able to see.

Can anyone help me on how to provide read access to sql server agent
so that when I logon as a datareader I need to be able to view SQLserver agent.

Only read or view permissions.


Thanks .
Post #946862
Posted Friday, July 2, 2010 8:55 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 3:29 PM
Points: 5,046, Visits: 10,571
You have to be member of some fixed database roles in msdb to see sql agent.
See here:

http://msdn.microsoft.com/en-us/library/ms188283.aspx


--
Gianluca Sartori

Get your two-cent-answer quickly
spaghettidba.com
@spaghettidba
Post #946890
Posted Friday, July 2, 2010 9:58 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Thursday, August 14, 2014 10:53 AM
Points: 72, Visits: 456
Ok. I just need viewable permissions on the sql agent.

So, what role would be the best to grant least permissions
so that user can only be able to view the sql server agent and cannot make any changes to other jobs or schedules.
Post #946959
Posted Friday, July 2, 2010 10:26 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 3:29 PM
Points: 5,046, Visits: 10,571
SQLAgentUserRole is the least privileged of the SQL Server Agent fixed database roles.
It still can start/stop jobs, but owned ones only.


--
Gianluca Sartori

Get your two-cent-answer quickly
spaghettidba.com
@spaghettidba
Post #946983
Posted Friday, July 2, 2010 3:03 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Thursday, August 14, 2014 10:53 AM
Points: 72, Visits: 456
Ok.

I configured it to SQLAgentReader Role.
and do you think we have any major difference between
SQLAgentUserRole and SQLAgentReader
Post #947096
Posted Monday, July 5, 2010 1:06 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 3:29 PM
Points: 5,046, Visits: 10,571
It's explained in detail in the BOL page I posted.
SQLAgentReaderRole has some more privileges than SQLAgentUserRole.


--
Gianluca Sartori

Get your two-cent-answer quickly
spaghettidba.com
@spaghettidba
Post #947391
Posted Wednesday, November 14, 2012 4:14 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, December 20, 2012 10:55 AM
Points: 2, Visits: 16
All these look great. But how can I deny users execute, update, delete.... and only have viewing of the jobs?
Post #1384917
Posted Wednesday, November 14, 2012 5:24 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 3:29 PM
Points: 5,046, Visits: 10,571
Grant the SQLAgentReaderRole and set the job owner to a different user.
That way, users can only see the jobs, but cannot start/stop/modify them.


--
Gianluca Sartori

Get your two-cent-answer quickly
spaghettidba.com
@spaghettidba
Post #1384940
Posted Thursday, November 15, 2012 8:07 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, December 20, 2012 10:55 AM
Points: 2, Visits: 16
All I need now is to not allow updates to existing jobs

Any ideas?


USE msdb;
CREATE ROLE JobsViewer AUTHORIZATION db_securityadmin;
GO

use msdb
EXECUTE sp_addrolemember 'JobsViewer', 'johntest1'


DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_job TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_jobserver TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_jobstep TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_update_job TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_add_jobschedule TO JobsViewer
DENY EXECUTE ON OBJECT::msdb.dbo.sp_delete_job TO JobsViewer



Post #1385179
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse