"pdx" <pdx@discussions.microsoft.com> wrote in message
news:D4195AE2-D7D7-499F-BA06-29A54A76B730@microsoft.com...
> To summarize my situation:
> Clients running SQL 2005 Express Edition clients subscribe to a
> publication
> on a SQL 2005 Server. Users of the clients are in a group which has a
> login
> to the server and as of now (due to needing to test functionality) that
> group
> has dbo_owner on the db in question and the group is in the PAL.
> Subcription/replication works fine as of now.
>
> I need to know the level of permission I need to provide the group in
> order
> for replication to work as it is now. I'd guess that dbo_owner is too
> high
> but I haven't been able what role is appropriate. What I have been able to
> stumble upon in BOL is not definitive.
>
> According to the BOL:
>
> When using the PAL, follow these guidelines:
>
> Follow the principle of least privilege by allowing logins in the PAL only
> the permissions they need to perform replication tasks. Do not add the
> logins
> to any fixed database roles or server roles that are not required for
> replication.
> **
>
> What I haven't been able to locate is "the database or server roles that
> are
> not required for replication" or - inversely - the database or server
> roles
> that are required for replication.
>
> What role(s) should I assign to the account(s) in the PAL?
>
> Thanks

"Hilary Cotter" wrote:

> For transactional they must have dbo rights in the distribution database on
> the publisher/distributor as well. For merge they can be a group in the
> public role in the publication database, but also must be in the PAL.
>
> --
> Hilary Cotter
> Director of Text Mining and Database Strategy
> RelevantNOISE.Com - Dedicated to mining blogs for business intelligence.
>
> This posting is my own and doesn't necessarily represent RelevantNoise's
> positions, strategies or opinions.
>
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Looking for a FAQ on Indexing Services/SQL FTS
> http://www.indexserverfaq.com
>
>
>
> "pdx" <pdx@discussions.microsoft.com> wrote in message
> news:D4195AE2-D7D7-499F-BA06-29A54A76B730@microsoft.com...
> > To summarize my situation:
> > Clients running SQL 2005 Express Edition clients subscribe to a
> > publication
> > on a SQL 2005 Server. Users of the clients are in a group which has a
> > login
> > to the server and as of now (due to needing to test functionality) that
> > group
> > has dbo_owner on the db in question and the group is in the PAL.
> > Subcription/replication works fine as of now.
> >
> > I need to know the level of permission I need to provide the group in
> > order
> > for replication to work as it is now. I'd guess that dbo_owner is too
> > high
> > but I haven't been able what role is appropriate. What I have been able to
> > stumble upon in BOL is not definitive.
> >
> > According to the BOL:
> >
> > When using the PAL, follow these guidelines:
> >
> > Follow the principle of least privilege by allowing logins in the PAL only
> > the permissions they need to perform replication tasks. Do not add the
> > logins
> > to any fixed database roles or server roles that are not required for
> > replication.
> > **
> >
> > What I haven't been able to locate is "the database or server roles that
> > are
> > not required for replication" or - inversely - the database or server
> > roles
> > that are required for replication.
> >
> > What role(s) should I assign to the account(s) in the PAL?
> >
> > Thanks
>
>