tags:

views:

1437

answers:

2
Q: 

SQL Server agent job account issue

Hello everyone,

I am using SQL Server 2008. I am confused about which account will be used when a SQL Server agent job runs. My confusions are,

  1. SQL Server agent as a Windows Service which we could control from Windows Service Management Console, from there we could set the account to run SQL Server Agent (LocalSystem in my computer);
  2. Could I set SQL Server agent job level account to run on?
  3. Could I set in each step which account SQL Server agent job step will run on?

I have above confusions because 3 different account systems may be used and my concern is what is the actual account each step will run on, and I want to avoid any permisson issues (i.e. I want to make sure the account have enough permission.). Any comments or advice? Appreciate anyone could clarify the 3 levels of accounts, which makes me very confused.

thanks in advance, George

+1  A: 
marc_s  2009-08-01 11:18:19
Thanks Marc, in SQL Server Agent Job configuration we could assign Owner, it is just for description purpose when dump event log or it is the actual account which SQL Server agent job will run on?
George2  2009-08-01 11:25:10
Hi Marc, I like your advice of using the single account. Then should I need to configure the SQL Server agent Windows Service account? Or configure somewhere else? I think we'd better not set the Windows Service account since once set, all jobs belong to the current instance will run under the same account.
George2  2009-08-01 11:28:07
George2: the owner in SQL Server is typically the account which can set permissions on the object, e.g. give or take away rights and such. I'm not sure if the owner would be used as the account to run the step under if you don't specify another one specifically.
marc_s  2009-08-01 11:29:05
Thanks Marc, the final confusion point for me is, I want to follow your points to use single account for the specific SQL Server job (and all job steps for the job), and appreciate if you could review whehter my operations are correct, my steps are -- I should set the Owner for the SQL Server job, no need to use Advanced settings for each job step (then each job step will automatically use Owner account for the containing job), and also no need to set the account which SQL Server Agent Windows Service runs? And the Owner for Job is the account which all steps actually runs on?
George2  2009-08-01 11:40:18
And I just need to make sure the Owner account have enough permission for all steps?
George2  2009-08-01 11:40:52
I can't say for sure - I can't seem to find any definitive answers on that one, really. Since my Jobs typically select and update stuff in the database, I am lead to assume that the "Owner" account will be used by default, unless you specify some other account on a given step, yes
marc_s  2009-08-01 11:48:36
Thanks Marc, I have marked your reply as answered. I have a related question here, appreciate if you could help.http://stackoverflow.com/questions/1216584/create-sql-server-job-automatically
George2  2009-08-01 13:31:00
Here is another related question. :-) http://stackoverflow.com/questions/1216551/how-to-start-sql-server-agent-jobs-automatically
George2  2009-08-01 13:32:19
+1  A: 

You can create Credentials in SQL Server (use Mgt Studio, under Security). Then create a Proxy in SQL Agent to use those credentials, telling it what kind of job steps can be used by the proxy. Then you get the choice to use that Proxy in the job step itself.

So... I make accounts for various SSIS packages to run under, so that I can keep the SQL Agent Service Account low privilege, and use a proxied credential with slightly higher privilege (not admin though, just enough permission to connect to other systems, including the File System).

Rob

Rob Farley  2009-08-01 12:46:58
Thanks Rob - I was having trouble and this seemed to work perfectly for me. I am running some powershell scripts and needed elevated permissions for some of the steps. nice.
aSkywalker  2009-12-04 18:58:58

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?