I thought that granting execution rights to that XP would be enough, but it
seems it is not. Now, everytime a user (not administrator) tries to execute
that XP they get the following error:
xpsql.cpp: Error 997 from GetProxyAccount on line 472
What should I do to allow my users execute that XP and hence, be able to
write out a simple text file ?
Thanks in advance.
See BOL on xp_cmdshell and xp_sqlagent_proxy_account or go into SQL
Enterprise Mangler, right click on SQL Agent, select properties, "Job
System" tab. Clear the "Only users with sysadim privileges ..." checkbox and
pick an account.
I'd also not grant the users direct access to xp_cmdshell, but write a
stored procdeure to do what you need and grant the users rights to that.
HTH
Cheers,
Alasdair Cunningham-Smith
MCSD MCSE MCDBA
"David Lightman Robles" <nospam_dlig...@iname.com_nospam> wrote in
message news:uinmn6PTBHA.432@tkmsftngp07...
Thanks.
"Alasdair Cunningham-Smith" <alasdair@euphony-dot-net> escribió en el
mensaje news:trpjgk1...@corp.supernews.com...
Look up "ownership chains" in the index in BOL.
Providing you create the wrapper proc as dbo (log in as sa or member of
SysAdmins fixed server rolee) you can don't need to grant users direct
access to xp_cmdshell. That covers offering users restricted access to any
other dbo owned object in fact.
However, xp_cmdshell internally finds out whether it was called by a member
of SysAdmins, and if not checks the proxy account set by
xp_sqlagent_proxy_account (which you hadn't yet set, hence the xpsql.cpp
error) and uses NT system calls (ImpersonateUser) to run the command in the
specified account.
Clear as mud now, I'm sure.
--
Cheers,
Alasdair Cunningham-Smith
MCSD MCSE MCDBA
"David Lightman Robles" <nospam_dlig...@iname.com_nospam> wrote in
message news:OFLIScWTBHA.1608@tkmsftngp07...
Thanks again.
"Alasdair Cunningham-Smith" <alasdair@euphony-dot-net> escribió en el
mensaje news:trr92tl...@corp.supernews.com...