SQL Server merge replication permissions issue

StackOverflow https://stackoverflow.com/questions/16864232

Question

I have a merge replication set up, with a publication on our dev server (SQL Server 2008 R2 SP2) and a subscription on my local machine. The publisher is acting as its own distributor. The publisher and distributor connections in the subscription properties on my local machine are using a login (from the dev server) that is in the publication access list (PAL) of the publication. If I add this login to the sysadmin server role on the publisher, everything works fine when I sync the subscription. But if I remove the login from the sysadmin server role, the sync does not work -- I get a timeout ("The operation timed out").

My understanding was that I just needed to add the login to the PAL, but I must be missing something with the necessary permissions.

Another question I have is whether it's possible to create a database role whose members would automatically be added to the PAL. I read somewhere that this is possible with SQL Server 2008 SP3; I'm wondering if it's possible with SP2. Or is there a way to create a database role that would have all necessary permissions, so that its members (users) could be used in a subscription (as the publisher and distributor connections) ?

The background of all this is that we have users who will subscribe to our publication, but we only want to replicate data based on their login. So we have filter rows on our articles that use SUSER_SNAME().

Thanks in advance.

Brad

Was it helpful?

Solution

If this is a push subscription then the Merge Agent process account used to make connections to the Publisher and Distributor must be db_owner in the distribution database, be a member of the PAL, a login associated with a user in the publication database, and have read permissions on the snapshot share.

If this is a pull subscription then the Merge Agent process account used to make connections to the Subscriber must be db_owner in the subscription database. The account used to connect to the Publisher and Distributor must be a member of the PAL, a login associated with a user in the publication and distribution databases, and have read permissions on the snapshot share.

This is all covered in the section Permissions That Are Required by Agents in Replication Agent Security Model.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top