Quick… how do you give someone read only access to the Job Activity Monitor?
Why you grant them SQLAgentReaderRole access in msdb…. WRONG
http://technet.microsoft.com/en-us/library/ms188283.aspx
The SQLAgentReaderRole is a reader role for the jobs that currently exist but wait here is where the good (or bad depending on if you’re in a good mood or not) part comes in.
Me – “Hey Mr Developer I made this change in UAT you should now be able to view the job activity monitor… just for my own curiousity I’m going to come by can you try to execute, delete, update jobs that are there. ”
Mr Developer – “nope… can’t do anything like that”
Me – “Great… can you create a new job”
Mr Developer – “Yup”
Me – ” *sigh* I hate (and by hate I mean it in a love/hate kinda way) Microsoft
That’s right folks… SQLAgentReaderRole can create jobs. So although it’s called SQLAgentReaderRole be careful granting this access cause whomever you add to this role can create new jobs.
UPDATE will come if/when I find or create a usable solution
