You must be a member of the PolicyAdministratorRole role in the msdb database to configure Policy-Based Management settings. This role has complete control of all policies and can create policies and conditions, edit policies and conditions, and enable or disable policies.
When working with policies, keep the following in mind:
- A system administrator or database owner can subscribe a database to a policy or policy group.
- On demand policy execution occurs in the security context of the user.
- Members of the PolicyAdministratorRole role can create policies that they do not have permission to execute on an ad hoc basis.
- Members of the PolicyAdministratorRole role can enable or disable policies.
- Policies that are in the On Schedule mode use SQL Server Agent jobs that are owned by the sa login.
Although you can manage policies for each instance of SQL Server, you’ll likely reuse policies you’ve defined and then apply them to other instances of SQL Server. Being able to export and import policies is useful. However, you don’t necessarily need to move policies around to enforce the policies on multiple computers running SQL Server. Instead, you can manage policies by using a central management server.
Because SQL Server stores policy-related data in the msdb database, you should back up msdb after you change conditions, policies, or categories.Policy history for policies evaluated in the current instance of the Database Engine is maintained in msdb system tables.Policy history for policies applied to other instances of the Database Engine or applied to Reporting Services or Analysis Services is not retained.