SO here's the deal - I have a developer that needs to be
able to schedule jobs, but tha I do NOT want to give
System admin privelges to. She has DBO privelges on the
DBs she needs, and is a member of Bulk Insert and Process
ADmin server roles. She has the abiltiy to schedule jobsm
but if she creates one that uses CmdExe steps they fail
wit the message:
Executed as user: MCC_GENESIS\SQLSrv. The process could
not be created for step 1 of job
0xB793D66AE8016647AC64FFEB3EE2E202 (reason: A required
privilege is not held by the client). The step failed.
I have configured the SQL Agent to use a proxy account to
run scripts if the user is not SysAdmin, and I am using
the same domian account that starts the MSSQL service as
the proxy. The account is a DOMAIN admin (I know bad idea,
but that's what they gave me to work with.)
So here is the question - why do jobs fail when they are
owned by the debveloper, but run when owned by SA - both
are using the same account, (SA using account that starts
server, develped using it thorugh proxy)
Any advice would be greatly apprecaited!SQL Server Agent need a set of privileges in the OS to do these things. Search Books Online for
"level token" and you will find the section in BOL which describes these.
--
Tibor Karaszi, SQL Server MVP
Archive at: http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sqlserver
"Craig Dols" <cdols.no-spam@.hotmail.com> wrote in message
news:0dca01c3a9fe$2f3ed4a0$a501280a@.phx.gbl...
> SO here's the deal - I have a developer that needs to be
> able to schedule jobs, but tha I do NOT want to give
> System admin privelges to. She has DBO privelges on the
> DBs she needs, and is a member of Bulk Insert and Process
> ADmin server roles. She has the abiltiy to schedule jobsm
> but if she creates one that uses CmdExe steps they fail
> wit the message:
> Executed as user: MCC_GENESIS\SQLSrv. The process could
> not be created for step 1 of job
> 0xB793D66AE8016647AC64FFEB3EE2E202 (reason: A required
> privilege is not held by the client). The step failed.
> I have configured the SQL Agent to use a proxy account to
> run scripts if the user is not SysAdmin, and I am using
> the same domian account that starts the MSSQL service as
> the proxy. The account is a DOMAIN admin (I know bad idea,
> but that's what they gave me to work with.)
> So here is the question - why do jobs fail when they are
> owned by the debveloper, but run when owned by SA - both
> are using the same account, (SA using account that starts
> server, develped using it thorugh proxy)
> Any advice would be greatly apprecaited!
>|||Found it - thanks for your help!
>--Original Message--
>SQL Server Agent need a set of privileges in the OS to do
these things. Search Books Online for
>"level token" and you will find the section in BOL which
describes these.
>--
>Tibor Karaszi, SQL Server MVP
>Archive at: http://groups.google.com/groups?
oi=djq&as_ugroup=microsoft.public.sqlserver
>
>"Craig Dols" <cdols.no-spam@.hotmail.com> wrote in message
>news:0dca01c3a9fe$2f3ed4a0$a501280a@.phx.gbl...
>> SO here's the deal - I have a developer that needs to be
>> able to schedule jobs, but tha I do NOT want to give
>> System admin privelges to. She has DBO privelges on the
>> DBs she needs, and is a member of Bulk Insert and
Process
>> ADmin server roles. She has the abiltiy to schedule
jobsm
>> but if she creates one that uses CmdExe steps they fail
>> wit the message:
>> Executed as user: MCC_GENESIS\SQLSrv. The process could
>> not be created for step 1 of job
>> 0xB793D66AE8016647AC64FFEB3EE2E202 (reason: A required
>> privilege is not held by the client). The step failed.
>> I have configured the SQL Agent to use a proxy account
to
>> run scripts if the user is not SysAdmin, and I am using
>> the same domian account that starts the MSSQL service as
>> the proxy. The account is a DOMAIN admin (I know bad
idea,
>> but that's what they gave me to work with.)
>> So here is the question - why do jobs fail when they are
>> owned by the debveloper, but run when owned by SA - both
>> are using the same account, (SA using account that
starts
>> server, develped using it thorugh proxy)
>> Any advice would be greatly apprecaited!
>
>.
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment