Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Are there any security risks adding user to MSDB database and giving them permissions to execute agent jobs?

Posted on 2010-11-11
8
Medium Priority
?
416 Views
Last Modified: 2012-05-10
Are there any security risks adding user to MSDB database and giving them permissions to execute agent jobs?
0
Comment
Question by:Mr_Shaw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 16

Accepted Solution

by:
EvilPostIt earned 2000 total points
ID: 34113250
Assign your user the SQLAgentUserRole role in MSDB the will then be able to start and stop jobs
that are owned by his login. This will ensure that they cannot execute anything but jobs that are owned by them which would circumvent security issues.
0
 

Author Comment

by:Mr_Shaw
ID: 34113455
That works really well....

From a dba perspective do you think they would be happy with this setup?
0
 
LVL 16

Expert Comment

by:EvilPostIt
ID: 34113461
Im a DBA so yes.
0
Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

 
LVL 16

Expert Comment

by:EvilPostIt
ID: 34113468
Sorry that sounded quite blunt. Appologies for that.
0
 

Author Comment

by:Mr_Shaw
ID: 34113542
no problem... i'm just am SQL idot!!!
0
 

Author Closing Comment

by:Mr_Shaw
ID: 34113548
thanks
0
 

Author Comment

by:Mr_Shaw
ID: 34113748
I just read on http://msdn.microsoft.com/en-us/library/ms188283.aspx

The SQLAgentReaderRole and the SQLAgentOperatorRole are automatically members of the SQLAgentUserRole.

Should I deny permission on SQLAgentReaderRole and the SQLAgentOperatorRole as well?
0
 
LVL 16

Expert Comment

by:EvilPostIt
ID: 34113780
See what the DBA's say. If they arent bothered about then dont worry.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
It is possible to export the data of a SQL Table in SSMS and generate INSERT statements. It's neatly tucked away in the generate scripts option of a database.
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question