Re: Permission to execute jobs but nothing else

From: Jasper Smith (jasper_smith9@hotmail.com)
Date: 04/04/03


From: "Jasper Smith" <jasper_smith9@hotmail.com>
Date: Fri, 4 Apr 2003 19:27:31 +0100


Since this is being run on the server and kicked off by SQLAgent
if you specify Integrated Security=SSPI then it will use NT Authentication
to run your script, no need for user name or password. You can
use VBScript directly in a job step using an ActiveX Script job step type
You can also do what you want using TSQL or calling xp_sqlmaint
Why are you approaching this by using an external script ?

-- 
HTH
Jasper Smith (SQL Server MVP)
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"Mike M." <mike@kressa.com> wrote in message
news:050701c2fab9$609bc430$a401280a@phx.gbl...
> I have built some maintenance vb-scripts that perform
> repetitive tasks such as integrity checks and backups.
> This script is executed by a scheduled SQL job which
> executes a CSCRIPT command pointing to this script on the
> hard drive.
>
> Performing these tasks requires you to obviously open a
> connection to SQL Server.  Since this script is a plain
> ascii file there is no security from viewing it.
> Embedding the connection string with UID and PWD is safe
> to me as long as I can setup a weak Login ID that can do
> nothing more then execute jobs.
>
> PROBLEM: I can't figure out how to setup a Login with
> this limited authority.  The best I found was to give
> the "JobRunner" login a server role of "dbcreator".  It
> works fairly well to prevent users from viewing table
> data (our main concern) but they can still obviously
> perform serious damage with permission to ALTER and DROP
> tables.
>
> I've tried setting up the job owner to be "JobRunner" and
> giving the Login no rights other then "Public".  However,
> it didn't work.
>
> Any suggestions?  Thanks in advance.