2

I have a merge replication set up, with a publication on our dev server (SQL Server 2008 R2 SP2) and a subscription on my local machine. The publisher is acting as its own distributor. The publisher and distributor connections in the subscription properties on my local machine are using a login (from the dev server) that is in the publication access list (PAL) of the publication. If I add this login to the sysadmin server role on the publisher, everything works fine when I sync the subscription. But if I remove the login from the sysadmin server role, the sync does not work -- I get a timeout ("The operation timed out").

My understanding was that I just needed to add the login to the PAL, but I must be missing something with the necessary permissions.

Another question I have is whether it's possible to create a database role whose members would automatically be added to the PAL. I read somewhere that this is possible with SQL Server 2008 SP3; I'm wondering if it's possible with SP2. Or is there a way to create a database role that would have all necessary permissions, so that its members (users) could be used in a subscription (as the publisher and distributor connections) ?

The background of all this is that we have users who will subscribe to our publication, but we only want to replicate data based on their login. So we have filter rows on our articles that use SUSER_SNAME().

Thanks in advance.

Brad

Brandon Williams
  • 3,695
  • 16
  • 19
user1360192
  • 53
  • 1
  • 4

1 Answers1

3

If this is a push subscription then the Merge Agent process account used to make connections to the Publisher and Distributor must be db_owner in the distribution database, be a member of the PAL, a login associated with a user in the publication database, and have read permissions on the snapshot share.

If this is a pull subscription then the Merge Agent process account used to make connections to the Subscriber must be db_owner in the subscription database. The account used to connect to the Publisher and Distributor must be a member of the PAL, a login associated with a user in the publication and distribution databases, and have read permissions on the snapshot share.

This is all covered in the section Permissions That Are Required by Agents in Replication Agent Security Model.

Brandon Williams
  • 3,695
  • 16
  • 19
  • Thanks, Brandon. In my Publication Properties, under Snapshot, I've checked off "Put files in the following folder"; the file path is a share somewhere on our network. Does "have read permissions on the snapshot share" mean that the account I'm using for the publisher and distributor connections needs to have read permissions on the folder that is the location of the snapshot files ? – user1360192 May 31 '13 at 20:09
  • Sorry for the delay, yes, the account you are using for the publisher and distributor connections needs to have read permissions on the snapshot folder. – Brandon Williams Jun 04 '13 at 15:20
  • I hadn't added the user to my distribution database. Once I did that, everything worked fine. Thanks again, Brandon. – user1360192 Jun 06 '13 at 20:38