...oftentimes, an application needs to access external system resources, such as files, the network, environment variables, or the registry. For example, the application could need to run the xp_cmdshell extended stored procedure to invoke a Windows command shell, and execute a shell command to retrieve a list of files under a directory. Or, a SQL Server Agent job is scheduled by the application to perform maintenance tasks. This job has an Active Scripting job step or a Web Service task to call a Web Service in order to verify geographic and zip code information.
...When the xp_cmdshell extended stored procedure is executed by a member of the sysadmin fixed server role, the Windows process of the command shell runs with the security context of the SQL Server service account.
When a job owned by a member of the sysadmin role runs, its Active Scripting job steps run under the security of the SQL Server Agent service account.
However, in most companies, the DBA roles and the application developer roles are often separated. Due to security concerns, the application developers are not allowed to have the sysadmin permissions. To allow application developers to access external resources without giving them excessive permissions, SQL Server provides the solution of proxy accounts.
Source: Proxy Accounts in SQL Server
www.databasejournal.com/features/mssql/article.php/3789881/
Proxy-Accounts-in-SQL-Server.htm
Other:
INF: How to Run a DTS Package as a Scheduled Job
http://support.microsoft.com/kb/269074
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment