Re: Permission to execute jobs but nothing else

From: Jasper Smith (jasper_smith9@hotmail.com)
Date: 04/04/03


From: "Jasper Smith" <jasper_smith9@hotmail.com>
Date: Fri, 4 Apr 2003 19:27:31 +0100


Since this is being run on the server and kicked off by SQLAgent
if you specify Integrated Security=SSPI then it will use NT Authentication
to run your script, no need for user name or password. You can
use VBScript directly in a job step using an ActiveX Script job step type
You can also do what you want using TSQL or calling xp_sqlmaint
Why are you approaching this by using an external script ?

-- 
HTH
Jasper Smith (SQL Server MVP)
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"Mike M." <mike@kressa.com> wrote in message
news:050701c2fab9$609bc430$a401280a@phx.gbl...
> I have built some maintenance vb-scripts that perform
> repetitive tasks such as integrity checks and backups.
> This script is executed by a scheduled SQL job which
> executes a CSCRIPT command pointing to this script on the
> hard drive.
>
> Performing these tasks requires you to obviously open a
> connection to SQL Server.  Since this script is a plain
> ascii file there is no security from viewing it.
> Embedding the connection string with UID and PWD is safe
> to me as long as I can setup a weak Login ID that can do
> nothing more then execute jobs.
>
> PROBLEM: I can't figure out how to setup a Login with
> this limited authority.  The best I found was to give
> the "JobRunner" login a server role of "dbcreator".  It
> works fairly well to prevent users from viewing table
> data (our main concern) but they can still obviously
> perform serious damage with permission to ALTER and DROP
> tables.
>
> I've tried setting up the job owner to be "JobRunner" and
> giving the Login no rights other then "Public".  However,
> it didn't work.
>
> Any suggestions?  Thanks in advance.


Relevant Pages

  • Re: Hacker activity?
    ... >login to a server, most as root but some are attempts to login to ... >telnet, all come from the same remote server, and all fail. ... >getting some odd cgi calls to a script on a secure ssl server. ... Make sure root cannot login to your system via ssh. ...
    (freebsd-questions)
  • Re: Limit desktop & start menu
    ... Create a login script that runs when users log into the TS, and map the R: ... persisitent "R" drive on the server itself and that may cure it. ...
    (microsoft.public.windows.terminal_services)
  • Permission to execute jobs but nothing else
    ... This script is executed by a scheduled SQL job which ... executes a CSCRIPT command pointing to this script on the ... to me as long as I can setup a weak Login ID that can do ...
    (microsoft.public.sqlserver.security)
  • Re: Slow TS logon from dumb terminals.
    ... Is a login from the console also slow? ... Do the users run a login script? ... if the Real-time protection component runs in every user session. ... No virus protection as only the server has s CD Rom/USB Access/Floppy. ...
    (microsoft.public.win2000.termserv.clients)
  • Re: Creating mapped drives from login script
    ... profiles that will use the altered login script. ... later reply to him/her regarding the server, ...
    (microsoft.public.windows.server.sbs)