合并代理安全性Merge Agent Security

适用于:Applies to: 是SQL ServerSQL Server(所有支持的版本)yesSQL ServerSQL Server (all supported versions) 适用于:Applies to: 是SQL ServerSQL Server(所有支持的版本)yesSQL ServerSQL Server (all supported versions)

可以使用“合并代理安全性”对话框指定用于运行合并代理的 MicrosoftMicrosoft Windows 帐户。The Merge Agent Security dialog box allows you to specify the MicrosoftMicrosoft Windows account under which the Merge Agent runs. 对于推送订阅,合并代理在分发服务器上运行;对于请求订阅,合并代理在订阅服务器上运行。The Merge Agent runs at the Distributor for push subscriptions and at the Subscriber for pull subscriptions. Windows 帐户也称为“进程帐户 ”,因为代理进程是在此帐户下运行。The Windows account is also referred to as the process account, because the agent process runs under this account. 该对话框中可用的其他选项取决于访问对话框的方式:Additional options available in the dialog box depend on how you access it:

  • 如果从新建订阅向导访问该对话框,您还可以指定合并代理在建立与订阅服务器(对于推送订阅)或发布服务器和分发服务器(对于请求订阅)的连接时所使用的上下文。If the dialog box is accessed from the New Subscription Wizard, it also allows you to specify the context under which the Merge Agent makes connections to the Subscriber (for push subscriptions) or the Publisher and Distributor (for pull subscriptions). 可以使用 Windows 帐户或在指定的 MicrosoftMicrosoft SQL ServerSQL Server 帐户的上下文中建立连接。The connection can be made using the Windows account or under the context of a MicrosoftMicrosoft SQL ServerSQL Server account you specify.

  • 如果从 “订阅属性” 对话框访问该对话框,可通过单击该对话框的 “订阅服务器连接”“发布服务器连接” 行中的属性按钮 ( ... ) 来指定合并代理建立连接时所使用的上下文。If the dialog box is accessed from the Subscription Properties dialog box, specify the context under which the Merge Agent makes connections by clicking the properties button (...) in the Subscriber Connection or Publisher Connection row of that dialog box. 有关访问“订阅属性” 对话框的详细信息,请参阅查看和修改推送订阅属性和如何查看和修改请求订阅属性For more information about accessing the Subscription Properties dialog box, see View and Modify Push Subscription Properties and how to: View and Modify Pull Subscription Properties.

所有帐户必须是有效的,并且为每个帐户指定了正确的密码。All accounts must be valid, with the correct password specified for each account. 在运行代理之前不会对帐户和密码进行验证。Accounts and passwords are not validated until an agent runs.

选项Options

进程帐户Process Account
输入运行合并代理所使用的 Windows 帐户。Enter a Windows account under which the Merge Agent runs.

  • 对于推送订阅,该帐户必须:For push subscriptions, the account must:

    • 至少是分发数据库中的 db_owner 固定数据库角色的成员。At minimum be a member of the db_owner fixed database role in the distribution database.

    • 是 PAL 的成员。Be a member of the PAL.

    • 是与发布数据库中的某个用户关联的登录名。Be a login associated with a user in the publication database.

    • 对快照共享拥有读取权限。Have read permissions on the snapshot share.

  • 对于请求订阅,该帐户必须至少为订阅数据库中的 db_owner 固定数据库角色的成员。For pull subscriptions, the account must at minimum be a member of the db_owner fixed database role in the subscription database.

如果在建立连接时模拟进程帐户,则还需要其他权限。Additional permissions are required if the process account is impersonated when connections are made. 请参阅下面的 “连接到发布服务器和分发服务器”“连接到订阅服务器” 部分。See the Connect to the Publisher and Distributor and Connect to the Subscriber sections below.

由于 SQL Server ExpressSQL Server Express 实例上未运行合并代理,因此不能为对 MicrosoftMicrosoft SQL Server ExpressSQL Server Express 的请求订阅指定“进程帐户”。Process Account cannot be specified for pull subscriptions to MicrosoftMicrosoft SQL Server ExpressSQL Server Express, because the Merge Agent does not run on instances of SQL Server ExpressSQL Server Express.

“密码”“确认密码”Password and Confirm Password
输入 Windows 帐户的密码。Enter the password for the Windows account.

“连接到发布服务器和分发服务器”Connect to the Publisher and Distributor
对于推送订阅,始终通过模拟在 “进程帐户” 文本框中指定的帐户来建立与发布服务器和分发服务器的连接。For push subscriptions, connections to the Publisher and Distributor are always made by impersonating the account specified in the Process account text box.

对于请求订阅,请选择合并代理是通过模拟在 “进程帐户” 文本框中指定的帐户,还是通过使用 SQL ServerSQL Server 帐户来建立与发布服务器和分发服务器的连接。For pull subscriptions, select whether the Merge Agent should make connections to the Publisher and Distributor by impersonating the account specified in the Process account text box or by using a SQL ServerSQL Server account. 如果选择使用 SQL ServerSQL Server 帐户,请输入 SQL ServerSQL Server 登录名和密码。If you select to use a SQL ServerSQL Server account, enter a SQL ServerSQL Server login and password.

备注

MicrosoftMicrosoft 建议您选择模拟 Windows 帐户,而不要使用 SQL ServerSQL Server 帐户。recommends that you select to impersonate the Windows account rather than using a SQL ServerSQL Server account.

连接所用的 Windows 帐户或 SQL ServerSQL Server 帐户必须:The Windows account or SQL ServerSQL Server account used for the connection must:

  • 是 PAL 的成员。Be a member of the PAL.

  • 是与发布数据库中的某个用户关联的登录名。Be a login associated with a user in the publication database.

  • 是与分发数据库中的用户关联的登录名(用户可以是 Guest 用户)。Be a login associated with a user in the distribution database (the user can be the Guest user).

  • 对快照共享拥有读取权限。Have read permissions on the snapshot share.

“连接到订阅服务器”Connect to the Subscriber
对于请求订阅,始终通过模拟 “进程帐户” 文本框中指定的帐户来建立与订阅服务器的连接。For pull subscriptions, connections to the Subscriber are always made by impersonating the account specified in the Process account text box.

对于推送订阅,请选择合并代理是通过模拟在 “进程帐户” 文本框中指定的帐户,还是通过使用 SQL ServerSQL Server 帐户来建立与发布服务器和分发服务器的连接。For push subscriptions, select whether the Merge Agent should make connections to the Publisher and Distributor by impersonating the account specified in the Process account text box or by using a SQL ServerSQL Server account. 如果选择使用 SQL ServerSQL Server 帐户,请输入 SQL ServerSQL Server 登录名和密码。If you select to use a SQL ServerSQL Server account, enter a SQL ServerSQL Server login and password.

备注

建议您选择模拟 Windows 帐户,而不要使用 SQL ServerSQL Server 帐户。It is recommended that you select to impersonate the Windows account rather than using a SQL ServerSQL Server account.

连接订阅服务器所用的 Windows 帐户或 SQL ServerSQL Server 帐户必须至少为订阅数据库中的 db_owner 固定数据库角色的成员。The Windows account or SQL ServerSQL Server account used for the connection to the Subscriber must at minimum be a member of the db_owner fixed database role in the subscription database.

另请参阅See Also

管理复制中的登录名和密码 Manage Logins and Passwords in Replication
复制代理安全模式 Replication Agent Security Model
复制代理概述 Replication Agents Overview
Replication Security Best Practices Replication Security Best Practices
订阅发布Subscribe to Publications