In the book <Inside SQL Server 2005 Tools>,
there is a paragraph as below:
=====================
Warning
In an ideal world, members of SQLAgentReaderRole and SQLAgentOperatorRole would be restricted to viewing and acting upon only those jobs that run in the databases to which they have access. Unfortunately, the SQL Server Agent security model does not allow this finer-granularity filtering. Therefore, when you make a user a member of these roles you must realize the implied security consequences to avoid unintentional information disclosure.
=====================
What is meaning of the sentence in red above?
Members of these database roles can view and execute jobs that they own, and create job steps that run as an existing proxy account, if you use.
No comments:
Post a Comment