Geek Answers Handbook

SQL Server Agent Agent Account Error

I am using SQL Server 2008. I am confused about which account will be used when running the SQL Server Agent job. My confusion:

  • SQL Server Agent as a Windows service that we could control from the Windows Services Management Console, from there we could set up an account to start SQL Server Agent (local system on my computer);
  • Can I run the SQL Server Agent Job Level Account?
  • Can I install at each step that will run the SQL Server Agent job step?

I have higher misunderstandings because 3 different accounting systems can be used, and my concern is what is the actual account on which each step will work, and I want to avoid any permissions (i.e. I want account had enough permission.). Any comments or tips? Appreciate that someone can clarify the 3 levels of accounts, which confuses me a lot.

thanks in advance George

+4
source share
2 answers

Typically, I run SQL Server Agent jobs in the same account as your application, accessing the database.

If this account is too limited in its permissions (which can be useful!), I would create a separate account for this application and all its SQL jobs (if possible) and run all the SQL jobs in this account.

You can run each step under a different account, but I would not use it at all (it is just very difficult to understand and understand what is performed under which account). Use it only if you need to perform a particularly sensitive step that requires a bunch of additional permissions, and these permissions are available only for a specific system account or something else.

The account running the Windows Server Agent service does not really affect how your work steps are performed.

So, it comes down to really two accounts:

  • To start the SQL Server Agent service, you need one account - this is the Windows account on your computer / server, which must have sufficient permissions to start the service, start and stop it - or use the LocalSystem, Network Service or any other Windows account with which you must start services with

  • The other account will be an account to run your SQL Server Agent actions, which is usually a SQL Server account (which can be based on a Windows account) and it needs enough privileges in SQL Server to do its job, for example, it needs access to objects database and all. I would strive to have only one account for each application that runs SQL Server jobs — making life a lot easier!

Mark

PS: To configure the user to complete this step, you need to use the "Advanced" page in the task step properties dialog box and select the user from the pop-up window:

alt text http://i31.tinypic.com/zjdqh3.jpg

+5
source

You can create credentials in SQL Server (use Mgt Studio under security). Then create a proxy server in the SQL agent to use these credentials, specifying what actions the proxy server can use. Then you get the opportunity to use this proxy at the very stage of work.

So ... I make accounts for various SSIS packages to run, so that I can maintain a low privilege of the SQL Agent service account and use proxy credentials with slightly higher permissions (not admin, although permission to connect to other systems is sufficient , including the file system).

Rob

+4
source

More articles:


All Articles