Hi, Can someone tell me what permissions are needed for logins to be able
to run CmdExec Jobs'
I recently removed everyone from System Admin and have been working through
all kind of issues. I now have some jobs that fail and here is the message
that they fail with>> "Non-SysAdmins have been denied permission to run
CmdExec job steps. The step failed." There are 3 Analysts who create DTS
packages and schedule them to run at various times, so they need to own
their jobs, but what it the minimum permissions they can be provided to be
able to run these type of jobs'
Thank you..How you would go about this depends on the version of SQL
Server - it's different for all versions. Since you mention
DTS I am guessing you are on SQL Server 2000.
On 2000, if a non-sysadmin is going to be running a CmdExec
job, first you need to enable SQL Agent to allow
non-sysadmins to execute CmdExec steps. Right click on SQL
Agent, select properties and then go to the Job System tab.
From here, remove the check which restricts CmdExec and
ActiveX job steps to Sysadmins only.
You will then need to configure the proxy account. The proxy
account is the security context that will be used for the
jobs. You can find information on the proxy account as well
as some of the security issues you are running into in books
online under: xp_sqlagent_proxy_account
-Sue
On Tue, 5 Sep 2006 16:08:48 -0500, "WANNABE" <breichenbach
AT istate DOT com> wrote:
>Hi, Can someone tell me what permissions are needed for logins to be able
>to run CmdExec Jobs'
>I recently removed everyone from System Admin and have been working through
>all kind of issues. I now have some jobs that fail and here is the message
>that they fail with>> "Non-SysAdmins have been denied permission to run
>CmdExec job steps. The step failed." There are 3 Analysts who create DTS
>packages and schedule them to run at various times, so they need to own
>their jobs, but what it the minimum permissions they can be provided to be
>able to run these type of jobs'
>Thank you..
>|||Thanks Sue, You are correct SQL2000 is what I speak of. I believe you have
provided me with all the right stuff. I will read what I can find under
xp_sqlagent_proxy_account.. Thanks again.
=======================================
"Sue Hoegemeier" <Sue_H@.nomail.please> wrote in message
news:nfvrf2dp55icp6a9r02i0hfdndjp77dr4k@.
4ax.com...
> How you would go about this depends on the version of SQL
> Server - it's different for all versions. Since you mention
> DTS I am guessing you are on SQL Server 2000.
> On 2000, if a non-sysadmin is going to be running a CmdExec
> job, first you need to enable SQL Agent to allow
> non-sysadmins to execute CmdExec steps. Right click on SQL
> Agent, select properties and then go to the Job System tab.
> From here, remove the check which restricts CmdExec and
> ActiveX job steps to Sysadmins only.
> You will then need to configure the proxy account. The proxy
> account is the security context that will be used for the
> jobs. You can find information on the proxy account as well
> as some of the security issues you are running into in books
> online under: xp_sqlagent_proxy_account
> -Sue
> On Tue, 5 Sep 2006 16:08:48 -0500, "WANNABE" <breichenbach
> AT istate DOT com> wrote:
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment