Sql-server – Does the Sql Server Agent account need sysadmin permission

permissionssql serversql-server-2012sql-server-agent

I ran Brent Ozar's sp_blitz script, and one of the things it's complaining about is that my SQL Server Agent account has sysadmin permission. I removed the sysadmin permission, but then the agent wouldn't start. (See image below). There's nothing of note in the event log. When I restore the sysadmin permission the agent starts with no difficulty.

enter image description here

My account is a managed service account. None of the other managed service accounts I use (one for running reporting services, and one for running the SQL service) have sysadmin permission.

Is the sysadmin permission actually necessary? If not, what are the minimum permissions this account needs?

Best Answer

Per BOL: Configuring Windows Service Accounts and Permissions

SQL Server Agent Login and Privileges
The per-service SID of the SQL Server Agent service is provisioned as a Database Engine login. The per-service SID login is a member of the sysadmin fixed server role.

Best Answer

Related Solutions

Sql-server – What permissions does the service account need to use database mail

Sql-server – Linked Server Security under SQL Agent Job Context

Related Question