SQL Server Agent account

Mar 1, 2010 at 8:48 PM

Hi, what sort of access does the SQL Server Agent account have to have for the databases it is evaluating?

I noticed that I could register an instance that my account had access to, but the job could not access the data because the SQL Server Agent account had no access. When I changed SQL Server Agent to use my ID, things worked properly. Ideally I would like to provide it limited access and switch the service account back to our standard.

Thanks much,

Howard

Mar 1, 2010 at 9:13 PM

Sorry,

I found the answer at the end of the EPMF document.

 

Security

When polices are evaluated through PowerShell, they will execute the policy evaluation in the context of the user issuing the evaluation.  This account will require access to all instances and database objects the script will evaluate.  The level of permissions will depend on what the policy is evaluating.  This extends to the execution account used in a scheduling agent.  In SQL Server 2008, the SQL Server Agent job step executes in the context of a specific user.  This user may be a proxy account.  The account that is specified in the SQL Server Agent step must have access to all objects on all instances that the PowerShell script will be evaluating. 

Prior to setting up the SQL Server Agent job, be sure to set up a Proxy Account that has the appropriate rights on the remote instances to evaluate the policies.  See Use a SQL Agent Proxy for Special Tasks for details on configuring a proxy account.