Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
DBADave
Constraint Violating Yak Guru
366 Posts |
 Posted - 2004-12-16 : 22:45:24
|
| Is distributor_admin needed if the distribution database and the publications reside on the same server?Also, does distributor_admin need to have sysadmin permission or can it have a lower level of permission?Thanks, Dave |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-12-17 : 15:15:52
|
| distributer_admin will be the owner of quite a few jobs when replication is setup, so I don't think you'd want to delete it. Not sure what exact permissions it needs, but since replication created the account and granted that server role, I've always left it alone. I suspect it does something with xp_cmdshell to do the snapshots.Tara |
 |
|
|
DBADave
Constraint Violating Yak Guru
366 Posts |
Posted - 2004-12-17 : 15:28:20
|
| I have auditors asking me to restrict the permissions of this account. I haven't been able to locate any documentation indicating that it is ok to do this so I am very hesitant to lower the permissions.I questioned the need for the login id because BOL indicates it is needed for remote distributions. I had always assumed it was needed for all distributions (local and remote). Thanks, Dave |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-12-17 : 15:38:43
|
| I just read BOL about the account and it certainly suggests that you only need it for remote setups. But I guess the only way to really find out is to test it out on a test system.Tara |
|
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-12-20 : 06:35:15
|
| yes you can restrict it to db_datareader and db_datawriter after the objects are setup,but problem is what if you need to reinitialize or invalidate the snapshot? you need to apply the permissions again, db_ddladmin atleast. just change the password so it's more secured if you think the password has been compromised. use sp_changedistributor_password--------------------keeping it simple... |
|
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2004-12-20 : 06:40:49
|
| interesting...i added another article with db_datareader and db_datawriter, no errors. my guess is because it's local and it impersonates the server account, if it's remote, you need to input the subscriber's account anyways or impersonate the account of the distributor.--------------------keeping it simple... |
|
|
|
|
|
|
Is distributor_admin needed?