Menu
Put differently, should I always set the job owner to sa for a SQL job, even though it defaults to the user who created it?
679
The best practices recommend you set all job owners to SA account. Note: You might have a different approach, such as creating an account or login specifically for SQL Agent jobs.
There are only two ways that someone can have permission to execute a SQL Agent job. You must either own the job, or be a member of the role SQLAgentOperatorRole (found in msdb). Unfortunately SQLAgentOperatorRole grants permissions to run any job (among other things).
The owner of a job is the context of the account, that the SQL Agent Job runs as. This account by default will be the user that creates this job.
Similar to Windows services, SQL Agent Jobs run under a user or service account configured in the job. Job failures can occur when there are permission or authentication issues with the user or service account. Common issues include: Account expired.
Any jobs that are owned by a user will cease to run if that user is disabled or deleted. The jobs may also not run if there is an Active Directory problem at run time. Brent Ozar has an article about this on his website: http://www.brentozar.com/blitz/jobs-owned-by-user-accounts/
72
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
