0

I wrote an application to use SQL SMO to find all SQL Servers, databases, jobs and job outcomes. This application is executed through a scheduled task using a local service account. This service account is local to the application server only and is not present in any SQL Server to be inspected. I am having problems getting information on job and job outcomes when connecting to the servers using a user with dbReader rights on system tables. If we set the user to be sysadmin on the server it all works fine.

My question to you is: What are the minimum privileges a local SQL Server user needs to have in order to connect to the server and inspect jobs/job outcomes using the SQL SMO API?

I connect to each SQL Server by doing the following:

var conn = new ServerConnection
      {
       LoginSecure = false,
       ApplicationName = "SQL Inspector",
       ServerInstance = serverInstanceName,
       ConnectAsUser = false,
       Login = user,
       Password = password
      };
var smoServer = new Server (conn);

I read the jobs by reading smoServer.JobServer.Jobs and read the JobSteps property on each of these jobs.

The variable server is of type Microsoft.SqlServer.Management.Smo.Server. user/password are of the user found in each SQL Server to be inspected.

If "user" is SysAdmin on the SQL Server to be inspected all works ok, as well as if we set ConnectAsUser to true and execute the scheduled task using my own credentials, which grants me SysAdmin privileges on SQL Server per my Active Directory membership.

Thanks!

4

1 回答 1

1

我自己刚刚经历过。从 SQL 联机丛书,这就是我发现的...

要获取或设置作业对象属性,用户必须是 MSDB 数据库上 SQLAgentUserRole 数据库角色的成员,或者是作业的所有者,或者是 sysadmin 固定服务器角色的成员。

要创建作业,用户必须是 MSDB 数据库上 SQLAgentUserRole、SQLAgentReaderRole 和 SQLAgentOperatorRole 数据库角色的成员,或者是 sysadmin 固定服务器角色的成员。

要删除作业,用户必须是 MSDB 数据库上 SQLAgentUserRole 数据库角色的成员,或者是作业的所有者,或者是 sysadmin 固定服务器角色的成员。

于 2010-06-09T03:13:29.580 回答