CHAPTER 5 n CREATING A BACKUP/RECOVERY PLAN 119
First you need to create a credential, which is the main security menu for the
instance (see Figure 5-5).
Figure 5-5. This credential, named OutgoingCredential, has its own password, but will act as
my local user account if invoked.
CHAPTER 5 n CREATING A BACKUP/RECOVERY PLAN 120
Now when you create a proxy account, you have a credential to select, as shown in
Figure 5-6. OutgoingCredential ensures that anyone using CMDExecProxy will have the security
context of SPYGLASSTAB\jluetke, plus they??™ll only have access to the operating system
(CmdExec) subsystem.
Figure 5-6. Now you can assign a credential to the new proxy CMDExecProxy.
CHAPTER 5 n CREATING A BACKUP/RECOVERY PLAN 121
Finally, you need to force users to use the proxy account. You do this by assigning
principles to the proxy, as shown in Figure 5-7. If any of these users or roles create a job
step calling a command-line job, they??™ll execute it under the security context of
SPYGLASSTAB\jluetke.
Figure 5-7. You can assign SQL logins, MSDB roles, or server roles as principals for a proxy.
Pages:
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248