December 15, 2011 at 8:29 am
Hi Folks
I am trying to run job from sql Agent and my first step is containg cmdExec Command but getting failed and in error log shwoing me messaege "Non-SysAdmins have been denied permission to run CmdExec job steps" .
Though the account under the job running as has sysadmin rights and db_owner for particular DB.
Any ideas?
Thanks
December 15, 2011 at 8:35 am
sysadmin & db_owner have limited scope till database (or database server). You are blocked by IT dept. and the account you are using for running the jobs doesn't belong to Domain Admin (or Local Admin) group.
December 15, 2011 at 8:40 am
Thanks Dev i was thinking same . let me work out on what you said .
December 15, 2011 at 8:50 am
December 15, 2011 at 4:56 pm
There are ways to allow for the system to execute xp_CmdShell and for users to execute stored procedures that contain xp_CmdShell without the users being able to execute xp_CmdShell and without users having anything more than PUBLIC privs. Google for Erland Sommarskog's articles on the subject.
--Jeff Moden
Change is inevitable... Change for the better is not.
December 15, 2011 at 5:05 pm
Create a proxy and execute the job with the proxy account.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
December 15, 2011 at 7:36 pm
SQLRNNR (12/15/2011)
Create a proxy and execute the job with the proxy account.
Basically, yes. You just need to do it in a way where the low-priv user doesn't even need IMPERSONATE privs.
--Jeff Moden
Change is inevitable... Change for the better is not.
September 23, 2014 at 4:16 pm
If the service account used by the Agent is already SA in the SQL Server then check the owner of the job. This login should be an SA account within SQL server as well.
Amar
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply