Re: Execute permission denied on object xp_SQLagent_notify

Gabriela Nanau (Gabriela Nanau@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
SQL Server 2000, SP4. I have this login MyLogin which has access in both
msdb and master. The account is public in master and db_owner in msdb. I
have the same settings on 10 servers. I attempt to create a job, steps
and schedule. When it comes to msdb.dbo.sp_add_jobserver I got the
following messages:

Msg 229, Level 14, State 5, Procedure xp_sqlagent_is_starting, Line 7
EXECUTE permission denied on object 'xp_sqlagent_is_starting', database
'master', owner 'dbo'.
Msg 229, Level 14, State 5, Procedure xp_sqlagent_notify, Line 175
EXECUTE permission denied on object 'xp_sqlagent_notify', database
'master', owner 'dbo'.

The puzzling part here is that I got the errors on 2 servers out of the
10 above mentioned. On the other 8 the job is created successfully and
there are no explicit rights granted or denied on these particular XPs.

Question: What are the minimum requirements to execute the above 2 XP?
They are not documented by Microsoft or it seems I cannot find much on
them. There is always the possibility to explicitly GRANT access to them
for MyLogin, but the question remains: why is it working on 8 servers
and not working on the other 2. Must be some other setting somewhere!

I would guess this is a owner-chaining issue. Since there are no perms
granted to revoked to these SP:s, MyLogin should not be able to execute
these procedures directly on any server.

However, when MyLogin runs sp_add_jobserver, permission is granted
through ownership chaining, if the two procedures have the same owner.
To have this:
1) The two databases must have the same owner.
2) Cross-DB chaining must be enabled for the databases.

According to Books Online is DB chaining always on for master and msdb,
so my guess is that on the two servers you have problem, master and msdb
have different owners.


--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.

Relevant Pages

  • Chuck, Help! File sharing network issue
    ... Master browser name is: KENSGATEWAY ... backup servers retrieved from master KENSGATEWAY ... Checking \\CAROLYNCOMPUTER...Unable to open Service Control Manager database ...
    (microsoft.public.windowsxp.network_web)
  • Re: Access to computer in network denied
    ... > Master browser name is: ... > 1 backup servers retrieved from master OFFICE ... > There are 2 servers in domain MSHOME on transport ...
    (microsoft.public.windowsxp.network_web)
  • Re: Execute permission denied on object xp_SQLagent_notify
    ... it was probably then when the owner changed. ... USE msdb ... EXECUTE permission denied on object 'xp_sqlagent_is_starting', database ... The puzzling part here is that I got the errors on 2 servers out of the 10 ...
    (microsoft.public.sqlserver.security)
  • Re: Cant see computer in Network Places
    ... I checked each computer of the eight that are servers they are ... Master browser name is: KEVINSVAIO ... There are 8 servers in domain HOME on transport ...
    (microsoft.public.windowsxp.network_web)
  • Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
    ... servers aren't showing up in the NTDSUTIL when I connect to the domain and do ... Since DomainController3 is showing up as the Infrastructure Master in ADUC, ...
    (microsoft.public.windows.server.active_directory)