Re: Permission to execute jobs but nothing else
From: Jasper Smith (email@example.com)
From: "Jasper Smith" <firstname.lastname@example.org> Date: Fri, 4 Apr 2003 19:27:31 +0100
Since this is being run on the server and kicked off by SQLAgent
if you specify Integrated Security=SSPI then it will use NT Authentication
to run your script, no need for user name or password. You can
use VBScript directly in a job step using an ActiveX Script job step type
You can also do what you want using TSQL or calling xp_sqlmaint
Why are you approaching this by using an external script ?
-- HTH Jasper Smith (SQL Server MVP) I support PASS - the definitive, global community for SQL Server professionals - http://www.sqlpass.org "Mike M." <email@example.com> wrote in message news:firstname.lastname@example.org... > I have built some maintenance vb-scripts that perform > repetitive tasks such as integrity checks and backups. > This script is executed by a scheduled SQL job which > executes a CSCRIPT command pointing to this script on the > hard drive. > > Performing these tasks requires you to obviously open a > connection to SQL Server. Since this script is a plain > ascii file there is no security from viewing it. > Embedding the connection string with UID and PWD is safe > to me as long as I can setup a weak Login ID that can do > nothing more then execute jobs. > > PROBLEM: I can't figure out how to setup a Login with > this limited authority. The best I found was to give > the "JobRunner" login a server role of "dbcreator". It > works fairly well to prevent users from viewing table > data (our main concern) but they can still obviously > perform serious damage with permission to ALTER and DROP > tables. > > I've tried setting up the job owner to be "JobRunner" and > giving the Login no rights other then "Public". However, > it didn't work. > > Any suggestions? Thanks in advance.