Need some permissions issuses fixed

Environ is Server 2008 windows domain.  SQL 2008 servers.

Some of my users need to edit the content of jobs that they do not own.  So, they need to edit jobs owned by someone else.  I would like to grant them permissions to do so, but I'm not sure of the best way to do this.  

We use Windows authentication so I'd like to use a domain account or group.  The odd thing is, we want to move people in and out of this group as needed and not leave them in there all the time.

Should I build an AD group, drop it into local workstation admins group and then delegate a couple of admins rights to add/remove people from that group?

Thoughts on best way to accomplish this?


Who is Participating?
Vitor MontalvãoMSSQL Senior EngineerCommented:
Jobs are stored in msdb database so you don't need to give sa rights to the users.
All the roles you need are in msdb:
But for what you told I think they'll only need to have the SQLAgentUserRole.
Hopefully the files are in a certain folder on a file server. Then, you can apply the perms to the folder.

Making an AD group is good. Then, add the group to the folder, giving them needed rights.

FYI: Each time you add/move users to the group, they must logoff then logon for the perms to effect.
crp0499CEOAuthor Commented:
These aren't files and folders I don't think.  These are SQL jobs in SQL that are owned by other users and no owner users need to edit the jobs so we give then temp SA rights.  We are doing it manually now and want to use AD to create a Role and then maybe put the users into a group and then add and remove the group from the role as needed.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.