Go Premium for a chance to win a PS4. Enter to Win


Modify SQL agent jobs without sysadmin

Posted on 2013-12-10
Medium Priority
Last Modified: 2017-07-18
We are using SQL server 2012 Standard Edition.

We have our development server where we do our research and development, before any process is deployed to production. These servers are managed by the DBA team. The DBA team does not want us to give sysadmin rights on the dev server. Right now the way the permissions are set up, we cannot modify or change schedule on any job without sysadmin rights. The DBA has mentioned that if we can suggest any way where we can do this without using sysadmin, they will let us do it.

Is there any way to be able to modify SQL agent jobs without having sysadmin rights?

Is there any way to be able to modify  schedule on SQL agent jobs without having sysadmin rights?

Question by:patd1
LVL 34

Assisted Solution

by:Brian Crowe
Brian Crowe earned 375 total points
ID: 39708948
Taken from Microsoft Technet:

To configure a user to create or execute Microsoft SQL Server Agent jobs, you must first add an existing SQL Server login or msdb role to one of the following SQL Server Agent fixed database roles in the msdb database: SQLAgentUserRole, SQLAgentReaderRole, or SQLAgentOperatorRole.

By default, members of these database roles can create their own job steps that run as themselves. If these non-administrative users want to run jobs that execute other job step types (for example, SSIS packages), they will need to have access to a proxy account. All members of the sysadmin fixed server role have permission to create, modify, and delete proxy accounts. For more information about the permissions that are associated with these SQL Server Agent fixed database roles, see SQL Server Agent Fixed Database Roles.

Hope this helps,
LVL 70

Expert Comment

by:Scott Pletcher
ID: 39709004
Is there any way to be able to modify SQL agent jobs without having sysadmin rights?
Is there any way to be able to modify  schedule on SQL agent jobs without having sysadmin rights?

Not directly, unless you own the job.  None of the Agent roles will give you that authority on existing job(s) that you do not own.

Author Comment

ID: 39709026
We can create/modify our own jobs. But the problem is this:

We are 3 people in a team. Each one of us should be able to modify all jobs (not just our own) on dev server. So we create the jobs under sysadmin and we use sysadmin login to modify or change schedule on those jobs. THE DBA wants us to find another way where we should be able to modify jobs or change schedule on all jobs without using sysadmin. There is no one else other then us three who uses this database server.

The DBA mentioned that there may be a third party tool that works like SQL agent that may allow us to do this, but was not clear on what third party tool.

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 70

Assisted Solution

by:Scott Pletcher
Scott Pletcher earned 375 total points
ID: 39709052
The DBA could give you the SQLAgentOperatorRole.  That would allow you to view all jobs.

The DBA could (at least in theory) also:

1. create a new, different user that has sysadmin authority,
2A.  create a proc in msdb that execs as the new sysadmin user,
2B.  give you EXEC permission on that proc.  That proc would take parameters identical to sp_update_job and sp_update_jobschedule, and it would call those procs for you.  This should work for any job, since the proc is executing as sysadmin.

Author Comment

ID: 39709137
We can view all jobs and also right click execute job.

The problem occurs when we want to modify the jobs or change schedule on those jobs that are not created under our own authentication.

The DBA will not give us any user that has sysadmin authority.

Author Comment

ID: 39709267
Is there a third party tool that gives us this facility of creating/modifying/scheduling jobs, track history (basically some tool similar to sql agent), that can use a service account with sysadmin authority behind the scenes, where we can have users who can add create modify all jobs?
LVL 70

Expert Comment

by:Scott Pletcher
ID: 39709576
I'm not aware of such a tool.  Then again, you don't really such a tool.  It would likely do under the covers what I described above, that your own DBA could do.  Although it might put a "cute" GUI over the final result so you don't have to directly call a stored proc.
LVL 10

Assisted Solution

Banthor earned 375 total points
ID: 39709685
Have your DBA Team create a Service account in the environment with 'SQLAgentUserRole' permissions on the servers.

Create a Job that runs every 5 minutes or so that runs a CmdExec or Powershell script containing your changes from your share.

Put all the changes needed in that script.

> The scope of permissions is limited to Service account as far as your access. The jobs may do anything.
> As a dba, I would not allow this either but it may be a compromise you can work through.
In the past I have provided a Simple Web based UI to allow users to request jobs to be run at a time or on demand. Then user one Agent Job to execute one job a time.

Best Practice would be to have all your work in SSIS Packages, Validated by Test and Then sent to the DBA's to be Scheduled.

All Environments are different.
LVL 43

Accepted Solution

Eugene Z earned 375 total points
ID: 39710285
as per above post
the SQLAgentOperatorRole  msdb role should be good for you without being sa with some limitations,
for the rest jobs management ask DBAs
SQL Server Agent Fixed Database Roles

Author Closing Comment

ID: 39739301
We had another DBA look at our problem, he created a new sql user account, not sure with what permissions, but it allows us to modify, re-schedule jobs.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
Windocks is an independent port of Docker's open source to Windows.   This article introduces the use of SQL Server in containers, with integrated support of SQL Server database cloning.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question