Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Modify SQL agent jobs without sysadmin

Posted on 2013-12-10
Medium Priority
Last Modified: 2017-07-18
We are using SQL server 2012 Standard Edition.

We have our development server where we do our research and development, before any process is deployed to production. These servers are managed by the DBA team. The DBA team does not want us to give sysadmin rights on the dev server. Right now the way the permissions are set up, we cannot modify or change schedule on any job without sysadmin rights. The DBA has mentioned that if we can suggest any way where we can do this without using sysadmin, they will let us do it.

Is there any way to be able to modify SQL agent jobs without having sysadmin rights?

Is there any way to be able to modify  schedule on SQL agent jobs without having sysadmin rights?

Question by:patd1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 34

Assisted Solution

by:Brian Crowe
Brian Crowe earned 375 total points
ID: 39708948
Taken from Microsoft Technet:

To configure a user to create or execute Microsoft SQL Server Agent jobs, you must first add an existing SQL Server login or msdb role to one of the following SQL Server Agent fixed database roles in the msdb database: SQLAgentUserRole, SQLAgentReaderRole, or SQLAgentOperatorRole.

By default, members of these database roles can create their own job steps that run as themselves. If these non-administrative users want to run jobs that execute other job step types (for example, SSIS packages), they will need to have access to a proxy account. All members of the sysadmin fixed server role have permission to create, modify, and delete proxy accounts. For more information about the permissions that are associated with these SQL Server Agent fixed database roles, see SQL Server Agent Fixed Database Roles.

Hope this helps,
LVL 70

Expert Comment

by:Scott Pletcher
ID: 39709004
Is there any way to be able to modify SQL agent jobs without having sysadmin rights?
Is there any way to be able to modify  schedule on SQL agent jobs without having sysadmin rights?

Not directly, unless you own the job.  None of the Agent roles will give you that authority on existing job(s) that you do not own.

Author Comment

ID: 39709026
We can create/modify our own jobs. But the problem is this:

We are 3 people in a team. Each one of us should be able to modify all jobs (not just our own) on dev server. So we create the jobs under sysadmin and we use sysadmin login to modify or change schedule on those jobs. THE DBA wants us to find another way where we should be able to modify jobs or change schedule on all jobs without using sysadmin. There is no one else other then us three who uses this database server.

The DBA mentioned that there may be a third party tool that works like SQL agent that may allow us to do this, but was not clear on what third party tool.

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

LVL 70

Assisted Solution

by:Scott Pletcher
Scott Pletcher earned 375 total points
ID: 39709052
The DBA could give you the SQLAgentOperatorRole.  That would allow you to view all jobs.

The DBA could (at least in theory) also:

1. create a new, different user that has sysadmin authority,
2A.  create a proc in msdb that execs as the new sysadmin user,
2B.  give you EXEC permission on that proc.  That proc would take parameters identical to sp_update_job and sp_update_jobschedule, and it would call those procs for you.  This should work for any job, since the proc is executing as sysadmin.

Author Comment

ID: 39709137
We can view all jobs and also right click execute job.

The problem occurs when we want to modify the jobs or change schedule on those jobs that are not created under our own authentication.

The DBA will not give us any user that has sysadmin authority.

Author Comment

ID: 39709267
Is there a third party tool that gives us this facility of creating/modifying/scheduling jobs, track history (basically some tool similar to sql agent), that can use a service account with sysadmin authority behind the scenes, where we can have users who can add create modify all jobs?
LVL 70

Expert Comment

by:Scott Pletcher
ID: 39709576
I'm not aware of such a tool.  Then again, you don't really such a tool.  It would likely do under the covers what I described above, that your own DBA could do.  Although it might put a "cute" GUI over the final result so you don't have to directly call a stored proc.
LVL 10

Assisted Solution

Banthor earned 375 total points
ID: 39709685
Have your DBA Team create a Service account in the environment with 'SQLAgentUserRole' permissions on the servers.

Create a Job that runs every 5 minutes or so that runs a CmdExec or Powershell script containing your changes from your share.

Put all the changes needed in that script.

> The scope of permissions is limited to Service account as far as your access. The jobs may do anything.
> As a dba, I would not allow this either but it may be a compromise you can work through.
In the past I have provided a Simple Web based UI to allow users to request jobs to be run at a time or on demand. Then user one Agent Job to execute one job a time.

Best Practice would be to have all your work in SSIS Packages, Validated by Test and Then sent to the DBA's to be Scheduled.

All Environments are different.
LVL 43

Accepted Solution

Eugene Z earned 375 total points
ID: 39710285
as per above post
the SQLAgentOperatorRole  msdb role should be good for you without being sa with some limitations,
for the rest jobs management ask DBAs
SQL Server Agent Fixed Database Roles

Author Closing Comment

ID: 39739301
We had another DBA look at our problem, he created a new sql user account, not sure with what permissions, but it allows us to modify, re-schedule jobs.

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA.…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question