It has always been my understanding that if I run something from Query
Ananlyzer, it was run under the account that Im logged into it as? And that
if I run that same code in a job, it would be run under the account that SQL
Server Agent was run as? So heres what happened while logged into QA as a
Domain Admin:
1. I tried to Restore a db from a backup and it said "Access is denied" in
the Error Log.
2. I assigned Full Control to the SQL Server Agent account (not a Domain
Admin) on the folder that contains the backup.
3. Now, still logged into QA as the Domain Admin, the Restore works.
Why would this be? Do Restores actually run under the account that the Agent
runs under?
SQL2K SP3
TIA, ChrisR
> Why would this be? Do Restores actually run under the account that the Agent
> runs under?
No, it uses the account that SQL Server uses. Which are probably the same, which in turn explains
what you experienced-
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
http://www.sqlug.se/
"ChrisR" <bla@.noemail.com> wrote in message news:OlC4FamJFHA.220@.TK2MSFTNGP10.phx.gbl...
> It has always been my understanding that if I run something from Query
> Ananlyzer, it was run under the account that Im logged into it as? And that
> if I run that same code in a job, it would be run under the account that SQL
> Server Agent was run as? So heres what happened while logged into QA as a
> Domain Admin:
> 1. I tried to Restore a db from a backup and it said "Access is denied" in
> the Error Log.
> 2. I assigned Full Control to the SQL Server Agent account (not a Domain
> Admin) on the folder that contains the backup.
> 3. Now, still logged into QA as the Domain Admin, the Restore works.
>
> Why would this be? Do Restores actually run under the account that the Agent
> runs under?
> --
> SQL2K SP3
> TIA, ChrisR
>
|||Tibor you are correct, SQL Server and the Agent are the same account. But
why would it use either of those accounts and not who I'm logged into QA as?
When else does this occur? Is this just a Restore thing?
"Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote in
message news:Oc$BTVnJFHA.1392@.TK2MSFTNGP10.phx.gbl...[vbcol=seagreen]
Agent
> No, it uses the account that SQL Server uses. Which are probably the same,
which in turn explains
> what you experienced-
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://www.solidqualitylearning.com/
> http://www.sqlug.se/
>
> "ChrisR" <bla@.noemail.com> wrote in message
news:OlC4FamJFHA.220@.TK2MSFTNGP10.phx.gbl...[vbcol=seagreen]
that[vbcol=seagreen]
SQL[vbcol=seagreen]
a[vbcol=seagreen]
in[vbcol=seagreen]
Agent
>
|||Think of it from a technical viewpoint. It is SQL Server who reads the file to restore. For SQL
Server to open the file in *your* account, something we call "delegation" is needed. Delegation is
supported in Windows, with some configuration first. The application (SQL Server in this case) need
to be programmed for it, though. SQL Server supports delegation for some operations (linked
servers).
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
http://www.sqlug.se/
"ChrisR" <bla@.noemail.com> wrote in message news:%232PndSoJFHA.1948@.TK2MSFTNGP14.phx.gbl...
> Tibor you are correct, SQL Server and the Agent are the same account. But
> why would it use either of those accounts and not who I'm logged into QA as?
> When else does this occur? Is this just a Restore thing?
>
> "Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote in
> message news:Oc$BTVnJFHA.1392@.TK2MSFTNGP10.phx.gbl...
> Agent
> which in turn explains
> news:OlC4FamJFHA.220@.TK2MSFTNGP10.phx.gbl...
> that
> SQL
> a
> in
> Agent
>
|||So then what other operations would use the SQL Server account, not my
account, from QA?
"Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote in
message news:u6rnXyoJFHA.2356@.TK2MSFTNGP14.phx.gbl...
> Think of it from a technical viewpoint. It is SQL Server who reads the
file to restore. For SQL
> Server to open the file in *your* account, something we call "delegation"
is needed. Delegation is
> supported in Windows, with some configuration first. The application (SQL
Server in this case) need
> to be programmed for it, though. SQL Server supports delegation for some
operations (linked
> servers).
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://www.solidqualitylearning.com/
> http://www.sqlug.se/
>
> "ChrisR" <bla@.noemail.com> wrote in message
news:%232PndSoJFHA.1948@.TK2MSFTNGP14.phx.gbl...[vbcol=seagreen]
But[vbcol=seagreen]
as?[vbcol=seagreen]
in[vbcol=seagreen]
the[vbcol=seagreen]
same,[vbcol=seagreen]
Query[vbcol=seagreen]
And[vbcol=seagreen]
that[vbcol=seagreen]
as[vbcol=seagreen]
denied"[vbcol=seagreen]
Domain[vbcol=seagreen]
the
>
|||The only time, AFAIK, SQL Server uses delegation is for linked servers. For all other operations,
the service account is used (regardless of whether the client application is QA, SQL Server Agent, a
web app etc.)..
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
http://www.sqlug.se/
"ChrisR" <bla@.noemail.com> wrote in message news:uqfKO2oJFHA.3960@.TK2MSFTNGP09.phx.gbl...
> So then what other operations would use the SQL Server account, not my
> account, from QA?
>
> "Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote in
> message news:u6rnXyoJFHA.2356@.TK2MSFTNGP14.phx.gbl...
> file to restore. For SQL
> is needed. Delegation is
> Server in this case) need
> operations (linked
> news:%232PndSoJFHA.1948@.TK2MSFTNGP14.phx.gbl...
> But
> as?
> in
> the
> same,
> Query
> And
> that
> as
> denied"
> Domain
> the
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment