Re: SQL Service Accounts

From: Richard Waymire [MS] (rwaymi_ms@microsoft.com)
Date: 10/29/02 

From: "Richard Waymire [MS]" <rwaymi_ms@microsoft.com>
Date: Tue, 29 Oct 2002 10:56:10 -0800

totally your call but really the bottom statement is the one to watch. If
you trust the job contents and only want sysadmins to change them in
production then having them owned by sysadmin is fine. If you want the user
to be able to modify the job (or restrict the content based on who the user
would be - i.e. only show data they could otherwise see) then the proxy
solution may make sense. 

--
Richard Waymire, MCSE, MCDBA
This posting is provided "AS IS" with no warranties, and confers no rights.
"Byron Hynes" <bph@byronetta.com> wrote in message
news:Xns92B673D9D6BE9bphbyronettacom@207.46.239.39...
> "Richard Waymire [MS]" <rwaymi_ms@microsoft.com> wrote (29 Oct 2002):
>
> > If the user is not a sysadmin then they'll probably need access to a
> > proxy account - you can configure that on the server properties ->
> > security tab in Enterprise manager.
> >
>
> Richard,
>
> Once a system moves into production, isn't it a good idea to consider
> having the sa own the job?
>
> I mean, if it's not an sa job, should it be on the server, and if it is,
> why should it be left with non-priveledged users? Or, on the other hand,
is
> having all jobs owned by sa violating the "least required privelege" idea?
>
> - Byron
>
> --
> -----------------------------------------------------------------
> Byron P Hynes
> "He who exercises government by means of his virtue may be
> compared to the north polar star, which keeps its place and
> all the stars turn towards it." --Confucius
> -----------------------------------------------------------------