Is there a way to grant a group of users the ability to execute some jobs on a server, but restrict their access to others.
We'd like to grant our developers the permission to execute their jobs (many developers and we'd like to avoid a shared account) without giving them the ability to execute our backup, reindex, etc jobs.
Is there a way to grant execute on some jobs, but not all to a Windows group?
We're using the new msdb SQLAgent role to allow them to see all jobs and view output, but there doesn't seem to be a way to grant execute on specific jobs only.
Thanks
Under normal circumstances, a user will be able to start a Job that he/she 'owns'.
Of course, success depends upon have permissions to execute each step of the Job.
|||You could consider having a table populated that indicates what the groups can do. Then make the first step of the job a query which raises an error if the permission shouldn't apply. Only continue the job if the query succeeds.Alternatively, you could fake this by having a tiny table for each job. So you have a "sec_backup" table (with a single column and row), which is only queryable by those who also have permission to run the job.
It's not particularly elegant, but you could quite easily produce the security model you're after this way.
Rob
No comments:
Post a Comment