Stairway to SQL Server Agent - Level 9: Understanding Jobs and Security

  • Comments posted to this topic are about the item Stairway to SQL Server Agent - Level 9: Understanding Jobs and Security

  • I think its worth noting here that even members of SQAgentoperatorRole cannot modify or delete jobs they do not own.

    This limitation unfortunately prevents granting the right to someone to fully manage all jobs without granting them sysadmin.


  • Yes, unfortunately although these roles exist for the most part you need to be a sysadmin or the job owner to do anything useful.

  • In past versions of SQL Server, the SQL Server Agent service account needed Windows Administrator rights on the local computer in order to successfully restart the service when it stops unexpectedly (because the SQL Server Service would have to be restarted first). Is that still true in SQL Server 2008? 2012?


  • The SQL Server Agent service account will definately need enough rights to restart the service, I just don't know if that's full administrator rights. For some reason this limitation is not mentioned in the considerations for not using an administrative service account in books online.

  • Excellent article, great job.


    [font="Tahoma"]Who looks outside, dreams; who looks inside, awakes. – Carl Jung.[/font]
  • Would you consider it a defect to have the login change on the service account, but it wouldn't work properly on a restart of the service?

    Is there a command line test I can run to see that the Agent is logged in correctly?

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply