Hello,
Looking for best practices here. Our SQL jobs in production are owned by application IDs, not individual users. What I am reading is you must be a sysadmin to change a job, or be able to login as that application ID. What do other IT shops do? Give the application password to the developers in production? Or do other IT shops really give their developers sysadmin in production environments? Or do you require all job changes to go through DBAs in production?
We have 2 solutions - set up an application account to own the jobs, where the development team all have the password. This has an issue for me because it lacks accountability - you don't know who logged in and changed what.
Solution 2 was to create an AD security group with the developers included. This provided accountability since they would log in with their own id, but required they be granted sysadmin to change the jobs! This model also threw errors even for creating jobs, aside from the sysadmin grant, which would not be acceptable in production.
The 3rd solution is for all job changes to go through the DBAs. The development teams are baulking at this, but is this the "right" way? What is the best practice for job modification in production?
Input appreciated,
Dianne