SQL Server 2005 presents a wide range of proxy categories. Within those categories,
you can create multiple proxy accounts and select which one you want to use for any
given job step, as shown in Figure 5-3.
Figure 5-3. SQL Server 2005??™s proxy categories??”a major improvement over the single-proxy
account made available by SQL Server 7.0 and 2000
If you don??™t specify a proxy account, the job will run under the SQL Agent account,
as shown in Figure 5-4. Be careful how much power you give SQL Agent in the first place
(no domain administrators, please).
CHAPTER 5 n CREATING A BACKUP/RECOVERY PLAN 118
Figure 5-4.Without a proxy defined, the job step runs as the SQL Agent service account.
Be sure to take time to fully understand the proxy system. For large organizations,
you can use it to delegate certain management functions. Wouldn??™t it be nice for someone
else to have the responsibility of keeping an eye on replication?
If you want to use a proxy account, the process is a little more complicated (and
thus, a bit more secure) than you might imagine. Proxies get assigned both a credential,
which is an external account to use (corresponding to an Active Directory user and
group), and principles, which are the users that will act as the credential if they attempt
to use this proxy.
Pages:
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247