SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Let's Talk Ownership (and SQL Jobs)


Let's Talk Ownership (and SQL Jobs)

Author
Message
Rob Fisk
Rob Fisk
SSC Veteran
SSC Veteran (213 reputation)SSC Veteran (213 reputation)SSC Veteran (213 reputation)SSC Veteran (213 reputation)SSC Veteran (213 reputation)SSC Veteran (213 reputation)SSC Veteran (213 reputation)SSC Veteran (213 reputation)

Group: General Forum Members
Points: 213 Visits: 428
Yeah. I'd be really worried about the security implications of this.

I thought it was a great article highlighting the problems that can arise from personally owned jobs.
Between it and the comments made I now have all the building blocks to write a job ownership transfer that can be run at point of departure of one user to transfer job ownership to the replacement.

_______________________________________________________
Change is inevitable... Except from a vending machine.

TomThomson
TomThomson
SSChampion
SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)

Group: General Forum Members
Points: 14234 Visits: 12197
Rob Fisk (11/24/2009)
Yeah. I'd be really worried about the security implications of this.

I thought it was a great article highlighting the problems that can arise from personally owned jobs.


Pity it didn't highlight the problems that can arise from SA owned jobs as well. I really don't fancy having everything running with sysadmin privileges, whether it needs them or not.

In fact I'm fairly tempted to say that no jobs at all should be owned by SA because (although you may want interdomain connections without having interdomain trust at NT level so that you have to have SQL logins as well as NT logins) there's no good reason why SA should ever be be able to login (it's easy to have a job that creates a random SA password and doesn't put it where any human can get it).

Tom

Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search