I need some people to have access to troubleshoot/start/stop SQL jobs their accounts wont own in SQL 2014. To do this I've granted role membership to SQLAgentOperatorRole in msdb and revoked EXECUTE on sp_add_job, however anyone with membership to the operator role can still create jobs.
Is there no way to override the rights provided by SQLAgentOperatorRole? Or is there a way to provide members of SQLAgentReaderRole the ability to start/stop jobs they don't own as well as prevent them from creating their own jobs?
Just trying to baton down the hatch for SQL security. Any help is appreciated. Thanks.