I have a database named MCP and a SQL Login MCP_USER (not sysadmin).
MCP_USER has db_datareader, db_datawriter and db_ddladmin permissions on MCP
database
I created a JOB (simple select on the MCP database) = select * from
mcp.tbl_test
the JOB has the MCP_USER as owner
the MCP_USER has SQLAgentOperatiorRole, SQLAgentReaderRole,
SQLAgentUserRole and targetServersRole permissions on the msdb database
if I try running the JOB with MCP_USER (that is what I need) I got: "the
EXECUTION permission was denied on the object sp_start_job, database msdb,
schema dbo"
This looks like a easy issue, but i think I've done all steps needed.
All I need is run a JOB with a non sysdmin user ..
thanks heaps ..
Julio MattosJulion
One question , when you start the job , did you log in as a MCP_USER ?
BOL says
Members of SQLAgentUserRole and SQLAgentReaderRole can only start jobs that
they own. Members of SQLAgentOperatorRole can start all local jobs including
those that are owned by other users. Members of sysadmin can start all local
and multiserver jobs.
"Julio Mattos" <JulioMattos@.discussions.microsoft.com> wrote in message
news:87A1E4F0-2C93-4821-AA51-2C2CE0E11D77@.microsoft.com...
>I have a database named MCP and a SQL Login MCP_USER (not sysadmin).
> MCP_USER has db_datareader, db_datawriter and db_ddladmin permissions on
> MCP
> database
> I created a JOB (simple select on the MCP database) = select * from
> mcp.tbl_test
> the JOB has the MCP_USER as owner
> the MCP_USER has SQLAgentOperatiorRole, SQLAgentReaderRole,
> SQLAgentUserRole and targetServersRole permissions on the msdb database
> if I try running the JOB with MCP_USER (that is what I need) I got: "the
> EXECUTION permission was denied on the object sp_start_job, database msdb,
> schema dbo"
> This looks like a easy issue, but i think I've done all steps needed.
> All I need is run a JOB with a non sysdmin user ..
> thanks heaps ..
> Julio Mattos|||Hi Uri,
yes I am logged in as MCP_USER. The good news I found the issue. I had
assigned MCP_USER to SQLAgentOperatiorRole, SQLAgentReaderRole and
SQLAgentUserRole, but I just need to assign to one role not all the 3.
MCP_USER is SQLAgentOperatiorRole only and its working fine. If you want to
understand better why, have a look to the role descriptions. Basically one
role was overlaping the restrictions to another role.
thanks a lot
Julio
"Uri Dimant" wrote:
> Julion
> One question , when you start the job , did you log in as a MCP_USER ?
> BOL says
> Members of SQLAgentUserRole and SQLAgentReaderRole can only start jobs tha
t
> they own. Members of SQLAgentOperatorRole can start all local jobs includi
ng
> those that are owned by other users. Members of sysadmin can start all loc
al
> and multiserver jobs.
> "Julio Mattos" <JulioMattos@.discussions.microsoft.com> wrote in message
> news:87A1E4F0-2C93-4821-AA51-2C2CE0E11D77@.microsoft.com...
>
>|||Thanks for the info Julio
"Julio Mattos" <JulioMattos@.discussions.microsoft.com> wrote in message
news:9D0D446D-2961-44DC-8D61-ED5B6ED12CF1@.microsoft.com...[vbcol=seagreen]
> Hi Uri,
> yes I am logged in as MCP_USER. The good news I found the issue. I had
> assigned MCP_USER to SQLAgentOperatiorRole, SQLAgentReaderRole and
> SQLAgentUserRole, but I just need to assign to one role not all the 3.
> MCP_USER is SQLAgentOperatiorRole only and its working fine. If you want
> to
> understand better why, have a look to the role descriptions. Basically one
> role was overlaping the restrictions to another role.
> thanks a lot
> Julio
> "Uri Dimant" wrote:
>
Wednesday, March 7, 2012
challenge (permission denied) no sense, please help !
Labels:
challenge,
database,
db_datareader,
db_datawriter,
db_ddladmin,
denied,
login,
mcp,
mcp_user,
microsoft,
mysql,
named,
oracle,
permission,
permissions,
sense,
server,
sql,
sysadmin
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment