security issue

[swoodring]

I have sql profile that basically is the sign-on used to sign on to sql server so that they can check jobs/run jobs. I want to be able to run and see the scheduled jobs with this profile. And I figured out they have have the system administation server roles otherwise they can only see jobs that they own. Problem with that is that it gives them authority to all db's and tasks even though they don't have a login for that db. What do others do - only thing I can think of is set them up in all db's and then basically take everything away that they don't need. Looking for suggestion on security.

Thanks.

 

[aalmeida]

Create a web page that show them the job status, this way they do not need to have access to admin function on the server and all they can do is what you web app allow them to do.
Mainly never give users access to the Server or even to underline DDL (Table).
You can acomplish that with a single query:
USE msdb
select * from sysjobschedules

Loock up sysjobschedules on BOL AL Almeida
NT/DB Admin
"May all those that come behind us, find us faithfull"