May 21, 2015 at 4:32 pm
It has come to my attention that some non-IT users in my organization have SSMS installed on their workstations so they can launch agent jobs that run certain SSIS exports when needed. Yes, you can configure security so that there's not much they can do, but I'm still not comfortable with that.
Does anyone have a better solution, such as giving the user a batch file containing the necessary sqlcmd commands to launch the job? Sure, this requires the same rights, but you're less likely to have a "licking the wrong thing" incident.
Dan
May 21, 2015 at 4:45 pm
For this type of thing, I like having a proc they are permitted to execute that will perform an insert into a table. The table would contain the name of the job to run, the requestor and the time it was requested. You can also throw in the table whether it has been run or not.
Then a job that sweeps the table every now and then and executes any outstanding jobs inserted into the table. This job upon starting the requested job would then delete the record from the table or mark it as complete.
Then remove all rights from the user with the exception of allowing them to execute that proc.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply