Snapshot Agent Security

APPLIES TO: YesSQL Server YesAzure SQL Managed Instance NoAzure Synapse Analytics (SQL DW) NoParallel Data Warehouse

The Snapshot Agent Security dialog box allows you to specify:

  • The Microsoft Windows account under which the Snapshot Agent runs at the Distributor. The Windows account is also referred to as the process account, because the agent process runs under this account.

  • The context under which the Snapshot Agent makes connections to the Microsoft SQL Server Publisher. The connection can be made by impersonating the Windows account or under the context of a SQL Server account you specify.

    Note

    The Snapshot Agent makes connections to the Publisher even if the Publisher and Distributor are on the same computer. The Snapshot Agent also makes connections to the Distributor; these connections are always made by impersonating the Windows account under which the agent runs.

    For Oracle Publishers, specify the context under which the Snapshot Agent connects to the Publisher in the Publisher Properties dialog box (available from the Distributor Properties dialog box). For more information, see View and Modify Replication Security Settings.

All accounts must be valid, with the correct password specified for each account. Accounts and passwords are not validated until an agent runs.

Options

Process account
Enter a Windows account under which the Snapshot Agent runs at the Distributor. The Windows account you specify must:

  • At minimum be a member of the db_owner fixed database role in the distribution database.

  • Have write permissions on the snapshot share.

Password and Confirm password
Enter the password for the Windows account.

Connect to the Publisher
Select whether the Snapshot Agent should make connections to the Publisher by impersonating the account specified in the Process account text box or by using a SQL Server account. If you select to use a SQL Server account, enter a SQL Server login and password.

Note

It is recommended that you select to impersonate the Windows account rather than using a SQL Server account.

The Windows account or SQL Server account used for the connection must at minimum be a member of the db_owner fixed database role in the publication database.

See Also

Identity and access control for replication
Replication Agent Security Model
Replication Agents Overview
Replication Security Best Practices