tags:

views:

1107

answers:

1
Q: 

SQL Server 2005 - Linked Servers & Agent Jobs

I have a strange scenario that I am currently unable to explain. I live in hope that it's just "the Friday feeling" or that some kindly sole here will bail my brain out and save me from endless loops of "but why!?" :)

Two servers, running SQL Server 2005, with DNS Entries of: 

1. ServerA  
2. ServerB

(Well, they're not really called that, but it will suffice...)

On both SQL Server Instances there are Linked Servers configured pointing to the other server.

For obvious security reasons the LinkedServer Security configuration is set to: 

- Be made using the login's current security context

The other "Linked Server Options" are...

Collation Compatible: True
Data Access:          True
RPC:                  True
RPC Out:              True
Use Remote Collation: True
Collation Name:       <blank>
Connection Timeout:   30
Command Timeout:      10

A login is created with the same password on both Instances. The logins are given the appropriate execute permissions to the relevant stored procedures.

I write some code, and execute it under that login and it all works hoorah


But when I create an Agent Job to run these stored procedures it all goes wrong. The owner of the Agent Job is 'automated_job_login' but my error logging gives the following: - Login failed for user 'automated_job_login'

(Again that name has been altered to protect the guilty.)


I can't figure out for the life of me why it will work when I log in as that user, but the job errors when connecting to the linked server. (It's definately at the point of the linked server connection.)

To make things more confusing, if I change the Linked Server Security configuration to "Be made using this secuirty context:" and specify 'automated_job_login' with the correct password, it works fine.

I'm missing something, I know I must be, but I can't find what. I've read documentation until my eyes bleed and I've failed. Please help me :)


[Leaving the Linked Server Secuiry option as "Be made using this secuirty context:" is not an option as this would give all users of that server unnaceptable levels of access to the other server.]

+2  A: 

The SQL agent job may be owned by your login, but it is not executed in that login context. It's in the SQL Agent service account context

Because you have SQL Server 2005, you could use EXEC AS USER = 'mylogin' as a stored proc option.

Otherwise, you have to set the database user name using the @database_user_name parameter of sp_add_jobstep. In SSMS, you can set the context. Job ownership is slighty different to setting ths, IIRC.

gbn  2009-03-21 00:25:40
Thanks for the help, have had a look around about this already. Basically, even though my login is in the sysadmin group I still can't change the "Run As" option in the agent job...
Dems  2009-03-23 15:03:04
perhaps at the sp_add_jobstep level then? Sorry, but I don't have access to verify exactly in my shop. However, can you change any bits of the job?
gbn  2009-03-23 15:13:10
I've found an article that pointed out that there are TWO places to set the "Run As", and only the second is usable for T-SQL jobs. Unfortunately I still get the failed login error *goes cross eyed*. http://tinyurl.com/cyaeyw
Dems  2009-03-23 15:26:30
Can you use profiler to see what's *really* happening?
gbn  2009-03-23 16:26:20
Not at present, though I should be able to by Wednesday... All I can do at present is isolate the exact line of code and the associated error message.
Dems  2009-03-23 18:06:25
+1 for being the only person trying to help :)
Dems  2009-03-23 18:06:58
Thank you. My next thought (but can't find it in BOL) is that user context change is not allowed for linked servers...
gbn  2009-03-23 20:02:58
That would make the use of linked servers by agent jobs virtually redundant. I can't accept that MS would force people to compromise security to do so. But I can accept that they made it extremely convoluted AND difficult to find out how.
Dems  2009-03-24 08:27:34

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP