Modify SQL agent jobs without sysadmin

Posted on 2013-12-10
Last Modified: 2013-12-25
We are using SQL server 2012 Standard Edition.

We have our development server where we do our research and development, before any process is deployed to production. These servers are managed by the DBA team. The DBA team does not want us to give sysadmin rights on the dev server. Right now the way the permissions are set up, we cannot modify or change schedule on any job without sysadmin rights. The DBA has mentioned that if we can suggest any way where we can do this without using sysadmin, they will let us do it.

Is there any way to be able to modify SQL agent jobs without having sysadmin rights?

Is there any way to be able to modify  schedule on SQL agent jobs without having sysadmin rights?

Question by:patd1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 34

Assisted Solution

by:Brian Crowe
Brian Crowe earned 125 total points
ID: 39708948
Taken from Microsoft Technet:

To configure a user to create or execute Microsoft SQL Server Agent jobs, you must first add an existing SQL Server login or msdb role to one of the following SQL Server Agent fixed database roles in the msdb database: SQLAgentUserRole, SQLAgentReaderRole, or SQLAgentOperatorRole.

By default, members of these database roles can create their own job steps that run as themselves. If these non-administrative users want to run jobs that execute other job step types (for example, SSIS packages), they will need to have access to a proxy account. All members of the sysadmin fixed server role have permission to create, modify, and delete proxy accounts. For more information about the permissions that are associated with these SQL Server Agent fixed database roles, see SQL Server Agent Fixed Database Roles.

Hope this helps,
LVL 69

Expert Comment

by:Scott Pletcher
ID: 39709004
Is there any way to be able to modify SQL agent jobs without having sysadmin rights?
Is there any way to be able to modify  schedule on SQL agent jobs without having sysadmin rights?

Not directly, unless you own the job.  None of the Agent roles will give you that authority on existing job(s) that you do not own.

Author Comment

ID: 39709026
We can create/modify our own jobs. But the problem is this:

We are 3 people in a team. Each one of us should be able to modify all jobs (not just our own) on dev server. So we create the jobs under sysadmin and we use sysadmin login to modify or change schedule on those jobs. THE DBA wants us to find another way where we should be able to modify jobs or change schedule on all jobs without using sysadmin. There is no one else other then us three who uses this database server.

The DBA mentioned that there may be a third party tool that works like SQL agent that may allow us to do this, but was not clear on what third party tool.

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

LVL 69

Assisted Solution

by:Scott Pletcher
Scott Pletcher earned 125 total points
ID: 39709052
The DBA could give you the SQLAgentOperatorRole.  That would allow you to view all jobs.

The DBA could (at least in theory) also:

1. create a new, different user that has sysadmin authority,
2A.  create a proc in msdb that execs as the new sysadmin user,
2B.  give you EXEC permission on that proc.  That proc would take parameters identical to sp_update_job and sp_update_jobschedule, and it would call those procs for you.  This should work for any job, since the proc is executing as sysadmin.

Author Comment

ID: 39709137
We can view all jobs and also right click execute job.

The problem occurs when we want to modify the jobs or change schedule on those jobs that are not created under our own authentication.

The DBA will not give us any user that has sysadmin authority.

Author Comment

ID: 39709267
Is there a third party tool that gives us this facility of creating/modifying/scheduling jobs, track history (basically some tool similar to sql agent), that can use a service account with sysadmin authority behind the scenes, where we can have users who can add create modify all jobs?
LVL 69

Expert Comment

by:Scott Pletcher
ID: 39709576
I'm not aware of such a tool.  Then again, you don't really such a tool.  It would likely do under the covers what I described above, that your own DBA could do.  Although it might put a "cute" GUI over the final result so you don't have to directly call a stored proc.
LVL 10

Assisted Solution

Banthor earned 125 total points
ID: 39709685
Have your DBA Team create a Service account in the environment with 'SQLAgentUserRole' permissions on the servers.

Create a Job that runs every 5 minutes or so that runs a CmdExec or Powershell script containing your changes from your share.

Put all the changes needed in that script.

> The scope of permissions is limited to Service account as far as your access. The jobs may do anything.
> As a dba, I would not allow this either but it may be a compromise you can work through.
In the past I have provided a Simple Web based UI to allow users to request jobs to be run at a time or on demand. Then user one Agent Job to execute one job a time.

Best Practice would be to have all your work in SSIS Packages, Validated by Test and Then sent to the DBA's to be Scheduled.

All Environments are different.
LVL 43

Accepted Solution

Eugene Z earned 125 total points
ID: 39710285
as per above post
the SQLAgentOperatorRole  msdb role should be good for you without being sa with some limitations,
for the rest jobs management ask DBAs
SQL Server Agent Fixed Database Roles

Author Closing Comment

ID: 39739301
We had another DBA look at our problem, he created a new sql user account, not sure with what permissions, but it allows us to modify, re-schedule jobs.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question