Permissions Required by Client Applications
Notification Services applications typically use one or more external client applications. The most common type of client application is the subscription management interface, which adds, modifies, and deletes subscribers and subscriptions. Many applications also use non-hosted event providers to collect and submit events.
Client applications are not run by the Notification Services engine. Because these applications run independently from Notification Services, the developer of the application must determine how the applications will access SQL Server and what accounts the applications will use. However, the accounts used by subscription management interfaces and non-hosted event providers must have the proper permissions in the instance's databases. These permissions are detailed below.
Permission to access the Notification Services binary files is granted through membership in the SQLServer2005NotificationServicesUser$ComputerName Windows group. Most client applications do not require membership in this group because the Notification Services assemblies and resources are registered in the global assembly cache (GAC) and instance information is stored in the registry.
Permissions Required by Subscription Management Interfaces
Subscription management interfaces must be able to read and write subscriber and subscription data. These permissions are granted through membership in the NSSubscriberAdmin database roles. Make sure to add the subscription management application's user account to this database role in each database used by the instance and its applications.
Permissions Required by Non-Hosted Event Providers
Non-hosted event providers must be able to read instance data and write event data. These permissions are granted through membership in the NSEventProvider database role. Make sure to add the event provider's user account to this database role in each database used by the instance and its applications.