Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
steppinthrax
Starting Member
27 Posts |
 Posted - 2011-04-05 : 07:35:07
|
| I was curious if it's ok to make the owner of a SQL Job "sa". We were told that it's not best practice. However, I was talking to someone who's a DBA, he indicated all of his jobs run as SA and that it really dosen't matter, the only problem is that if that job you have does something damaging to the database and it runs under SA, then SA can perform that action "because it has all rights". |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2011-04-05 : 07:58:54
|
| I set all my jobs to sa for the latter reason, so I don't have to fiddle with login rights to get them to run. Also, sa is a permanent login, whereas other SQL or Windows logins may get deleted or have their permissions restricted.The only case I could imagine where using sa is not a "best practice" is if you have stringent security requirements and the jobs should only have minimal access. |
 |
|
|
jeffw8713
Aged Yak Warrior
819 Posts |
Posted - 2011-04-05 : 15:43:07
|
| I agree with robvolk and set mine up the same way. Where I will not do this is if I have developer's who need to have access to create and manage agent jobs. Then, those jobs will be created and run from their accounts.I would not let a developer create a job that would be run under privileged accounts. If that is needed, it comes to me and I review it before creating the job.Jeff |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
chris_wood99
Yak Posting Veteran
70 Posts |
Posted - 2011-04-06 : 12:34:57
|
| In SQL2008 Best practice is to create a proxy account & run them under that.But if security is not that much of an issue, sa is good. Just dont tlet them be random people's windows accounts that will fail later when they leave or the passwords are changed |
|
|
|
|
|
|
|
|
Sql Agent Job Owner as "sa"