docs/relational-databases/replication/security/identity-and-access-control-replication.md
+30-29
Original file line number
Diff line number
Diff line change
@@ -19,34 +19,35 @@ caps.latest.revision: 8
19
19
author: "BYHAM"
20
20
ms.author: "rickbyh"
21
21
manager: "jhubbard"
22
+
ms.workload: "Inactive"
22
23
---
23
24
# Identity and Access Control (Replication)
24
-
Authentication is the process by which an entity (typically a computer in this context) verifies that another entity, also called a *principal*, (typically another computer or user) is who or what it claims to be. Authorization is the process by which an authenticated principal is given access to resources, such as a file in the file system, or a table in a database.
25
-
26
-
Replication security uses authentication and authorization to control access to replicated database objects and to the computers and agents involved in replication processing. This is accomplished through three mechanisms:
27
-
28
-
- Agent security
29
-
30
-
The replication agent security model allows fine-grained control over the accounts under which replication agents run and make connections. For detailed information about the agent security model, see [Replication Agent Security Model](../../../relational-databases/replication/security/replication-agent-security-model.md). For information about setting logins and passwords for agents, see [Manage Logins and Passwords in Replication](../../../relational-databases/replication/security/manage-logins-and-passwords-in-replication.md).
31
-
32
-
- Administration roles
33
-
34
-
Ensure that the correct server and database roles are used for replication setup, maintenance, and processing. For more information, see [Security Role Requirements for Replication](../../../relational-databases/replication/security/security-role-requirements-for-replication.md).
35
-
36
-
- The publication access list (PAL)
37
-
38
-
Grant access to publications through the PAL. The PAL functions similarly to a [!INCLUDE[msCoName](../../../includes/msconame-md.md)] Windows access control list. When a Subscriber connects to the Publisher or Distributor and requests access to a publication, the authentication information passed by the agent is checked against the PAL. For more information and best practices for the PAL, see [Secure the Publisher](../../../relational-databases/replication/security/secure-the-publisher.md).
39
-
40
-
## Filtering Published Data
41
-
In addition to using authentication and authorization to control access to replicated data and objects, replication includes two options to control what data is available at a Subscriber: column filtering and row filtering. For more information about filtering, see [Filter Published Data](../../../relational-databases/replication/publish/filter-published-data.md).
42
-
43
-
When you define an article, you can publish only those columns that are necessary for the publication, and omit those that are unnecessary or contain sensitive data. For example, when publishing the **Customer** table from the Adventure Works database to sales representatives in the field, you can omit the **AnnualSales** column, which might be relevant only to executives at the company.
44
-
45
-
Filtering published data allows you to restrict access to data and allows you to specify the data that is available at the Subscriber. For example, you can filter the **Customer** table so that corporate partners only receive information about those customers whose **ShareInfo** column has a value of "yes." For merge replication, there are security considerations if you use a parameterized filter that includes HOST_NAME(). For more, see the section "Filtering with HOST_NAME()" in [Parameterized Row Filters](../../../relational-databases/replication/merge/parameterized-filters-parameterized-row-filters.md).
46
-
47
-
## See Also
48
-
[Security and Protection (Replication)](../../../relational-databases/replication/security/security-and-protection-replication.md)
[Threat and Vulnerability Mitigation (Replication)](../../../relational-databases/replication/security/threat-and-vulnerability-mitigation-replication.md)
51
-
52
-
25
+
Authentication is the process by which an entity (typically a computer in this context) verifies that another entity, also called a *principal*, (typically another computer or user) is who or what it claims to be. Authorization is the process by which an authenticated principal is given access to resources, such as a file in the file system, or a table in a database.
26
+
27
+
Replication security uses authentication and authorization to control access to replicated database objects and to the computers and agents involved in replication processing. This is accomplished through three mechanisms:
28
+
29
+
- Agent security
30
+
31
+
The replication agent security model allows fine-grained control over the accounts under which replication agents run and make connections. For detailed information about the agent security model, see [Replication Agent Security Model](../../../relational-databases/replication/security/replication-agent-security-model.md). For information about setting logins and passwords for agents, see [Manage Logins and Passwords in Replication](../../../relational-databases/replication/security/manage-logins-and-passwords-in-replication.md).
32
+
33
+
- Administration roles
34
+
35
+
Ensure that the correct server and database roles are used for replication setup, maintenance, and processing. For more information, see [Security Role Requirements for Replication](../../../relational-databases/replication/security/security-role-requirements-for-replication.md).
36
+
37
+
- The publication access list (PAL)
38
+
39
+
Grant access to publications through the PAL. The PAL functions similarly to a [!INCLUDE[msCoName](../../../includes/msconame-md.md)] Windows access control list. When a Subscriber connects to the Publisher or Distributor and requests access to a publication, the authentication information passed by the agent is checked against the PAL. For more information and best practices for the PAL, see [Secure the Publisher](../../../relational-databases/replication/security/secure-the-publisher.md).
40
+
41
+
## Filtering Published Data
42
+
In addition to using authentication and authorization to control access to replicated data and objects, replication includes two options to control what data is available at a Subscriber: column filtering and row filtering. For more information about filtering, see [Filter Published Data](../../../relational-databases/replication/publish/filter-published-data.md).
43
+
44
+
When you define an article, you can publish only those columns that are necessary for the publication, and omit those that are unnecessary or contain sensitive data. For example, when publishing the **Customer** table from the Adventure Works database to sales representatives in the field, you can omit the **AnnualSales** column, which might be relevant only to executives at the company.
45
+
46
+
Filtering published data allows you to restrict access to data and allows you to specify the data that is available at the Subscriber. For example, you can filter the **Customer** table so that corporate partners only receive information about those customers whose **ShareInfo** column has a value of "yes." For merge replication, there are security considerations if you use a parameterized filter that includes HOST_NAME(). For more, see the section "Filtering with HOST_NAME()" in [Parameterized Row Filters](../../../relational-databases/replication/merge/parameterized-filters-parameterized-row-filters.md).
47
+
48
+
## See Also
49
+
[Security and Protection (Replication)](../../../relational-databases/replication/security/security-and-protection-replication.md)
[Threat and Vulnerability Mitigation (Replication)](../../../relational-databases/replication/security/threat-and-vulnerability-mitigation-replication.md)
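Review bot: Old lines 24 to 52 are removed and the body is re-added from new line 25 onward with text that reads the same word for word, so the only visible content change in this hunk is the `ms.workload: "Inactive"` key at new line 22. If the rest is whitespace or line-ending normalization, say so in the commit message or split it into its own commit, so that a reviewer of this security topic can confirm that none of the wording on agent security, administration roles or the PAL has changed.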
docs/relational-databases/replication/security/manage-logins-and-passwords-in-replication.md
+9-8
@@ -20,13 +20,14 @@ caps.latest.revision: 35
20
20
author: "BYHAM"
21
21
ms.author: "rickbyh"
22
22
manager: "jhubbard"
23
+
ms.workload: "Inactive"
23
24
---
24
25
# Manage Logins and Passwords in Replication
25
-
Specify the logins and passwords for replication agents when you configure replication. After configuring replication, you can change logins and passwords. For more information, see [View and Modify Replication Security Settings](../../../relational-databases/replication/security/view-and-modify-replication-security-settings.md). If you change the password for an account used by a replication agent, execute [sp_changereplicationserverpasswords (Transact-SQL)](../../../relational-databases/system-stored-procedures/sp-changereplicationserverpasswords-transact-sql.md).
[Replication Security Best Practices](../../../relational-databases/replication/security/replication-security-best-practices.md)
30
-
[Security and Protection (Replication)](../../../relational-databases/replication/security/security-and-protection-replication.md)
31
-
32
-
26
+
Specify the logins and passwords for replication agents when you configure replication. After configuring replication, you can change logins and passwords. For more information, see [View and Modify Replication Security Settings](../../../relational-databases/replication/security/view-and-modify-replication-security-settings.md). If you change the password for an account used by a replication agent, execute [sp_changereplicationserverpasswords (Transact-SQL)](../../../relational-databases/system-stored-procedures/sp-changereplicationserverpasswords-transact-sql.md).
docs/relational-databases/replication/security/manage-logins-in-the-publication-access-list.md
+54-53
@@ -20,58 +20,59 @@ caps.latest.revision: 45
20
20
author: "BYHAM"
21
21
ms.author: "rickbyh"
22
22
manager: "jhubbard"
23
+
ms.workload: "Inactive"
23
24
---
24
25
# Manage Logins in the Publication Access List
25
-
This topic describes how to manage logins in the Publication Access List in [!INCLUDE[ssCurrent](../../../includes/sscurrent-md.md)] by using [!INCLUDE[ssManStudioFull](../../../includes/ssmanstudiofull-md.md)] or [!INCLUDE[tsql](../../../includes/tsql-md.md)]. Access to a publication is controlled by the publication access list (PAL). Logins and groups can be added and removed from the PAL.
26
-
27
-
**In This Topic**
28
-
29
-
-**Before you begin:**
30
-
31
-
[Prerequisites](#Prerequisites)
32
-
33
-
-**To manage logins in the Publication Access List, using:**
34
-
35
-
[SQL Server Management Studio](#SSMSProcedure)
36
-
37
-
[Transact-SQL](#TsqlProcedure)
38
-
39
-
## <aname="BeforeYouBegin"></a> Before You Begin
40
-
41
-
### <aname="Prerequisites"></a> Prerequisites
42
-
43
-
- You must associate the [!INCLUDE[ssNoVersion](../../../includes/ssnoversion-md.md)] login with a database user in the publication database before you add the login to the PAL.
44
-
45
-
## <aname="SSMSProcedure"></a> Using SQL Server Management Studio
46
-
You use the publication access list (PAL) on the **Publication Access List** page of the **Publication Properties - \<Publication>** dialog box to manage logins. For more information about how to access this dialog box, see [View and Modify Publication Properties](../../../relational-databases/replication/publish/view-and-modify-publication-properties.md).
47
-
48
-
#### To manage logins in the PAL
49
-
50
-
1. On the **Publication Access List** page of the **Publication Properties - \<Publication>** dialog box, use the **Add**, **Remove**, and **Remove All** buttons to add and remove logins and groups from the PAL. Do not remove **distributor_admin** from the PAL. This account is used by replication.
51
-
52
-
> [!NOTE]
53
-
> If a remote Distributor is used, accounts in the PAL must be available at both the Publisher and the Distributor. The account must be either a domain account or a local account that is defined at both servers. The passwords that are associated with both logins must be the same.
#### To view groups and logins that belong to the PAL
60
-
61
-
1. At the Publisher on the publication database, execute [sp_help_publication_access](../../../relational-databases/system-stored-procedures/sp-help-publication-access-transact-sql.md). For **@publication**, specify the publication name. This displays information about the groups and logins in the PAL.
62
-
63
-
#### To add groups and logins to the PAL
64
-
65
-
1. At the Publisher on the publication database, execute [sp_grant_publication_access](../../../relational-databases/system-stored-procedures/sp-grant-publication-access-transact-sql.md). For **@publication**, specify the publication name; and for **@login**, specify the name of the login or group that is being added.
66
-
67
-
#### To remove groups and logins from the PAL
68
-
69
-
1. At the Publisher on the publication database, execute [sp_revoke_publication_access](../../../relational-databases/system-stored-procedures/sp-revoke-publication-access-transact-sql.md). For **@publication**, specify the publication name; and for **@login**, specify the name of the login or group that is being removed.
70
-
71
-
## See Also
72
-
[Manage Logins in the Publication Access List](../../../relational-databases/replication/security/manage-logins-in-the-publication-access-list.md)
[Secure a Replication Topology](../../../relational-databases/replication/security/secure-a-replication-topology.md)
75
-
[Secure the Publisher](../../../relational-databases/replication/security/secure-the-publisher.md)
76
-
77
-
26
+
This topic describes how to manage logins in the Publication Access List in [!INCLUDE[ssCurrent](../../../includes/sscurrent-md.md)] by using [!INCLUDE[ssManStudioFull](../../../includes/ssmanstudiofull-md.md)] or [!INCLUDE[tsql](../../../includes/tsql-md.md)]. Access to a publication is controlled by the publication access list (PAL). Logins and groups can be added and removed from the PAL.
27
+
28
+
**In This Topic**
29
+
30
+
-**Before you begin:**
31
+
32
+
[Prerequisites](#Prerequisites)
33
+
34
+
-**To manage logins in the Publication Access List, using:**
35
+
36
+
[SQL Server Management Studio](#SSMSProcedure)
37
+
38
+
[Transact-SQL](#TsqlProcedure)
39
+
40
+
## <aname="BeforeYouBegin"></a> Before You Begin
41
+
42
+
### <aname="Prerequisites"></a> Prerequisites
43
+
44
+
- You must associate the [!INCLUDE[ssNoVersion](../../../includes/ssnoversion-md.md)] login with a database user in the publication database before you add the login to the PAL.
45
+
46
+
## <aname="SSMSProcedure"></a> Using SQL Server Management Studio
47
+
You use the publication access list (PAL) on the **Publication Access List** page of the **Publication Properties - \<Publication>** dialog box to manage logins. For more information about how to access this dialog box, see [View and Modify Publication Properties](../../../relational-databases/replication/publish/view-and-modify-publication-properties.md).
48
+
49
+
#### To manage logins in the PAL
50
+
51
+
1. On the **Publication Access List** page of the **Publication Properties - \<Publication>** dialog box, use the **Add**, **Remove**, and **Remove All** buttons to add and remove logins and groups from the PAL. Do not remove **distributor_admin** from the PAL. This account is used by replication.
52
+
53
+
> [!NOTE]
54
+
> If a remote Distributor is used, accounts in the PAL must be available at both the Publisher and the Distributor. The account must be either a domain account or a local account that is defined at both servers. The passwords that are associated with both logins must be the same.
#### To view groups and logins that belong to the PAL
61
+
62
+
1. At the Publisher on the publication database, execute [sp_help_publication_access](../../../relational-databases/system-stored-procedures/sp-help-publication-access-transact-sql.md). For **@publication**, specify the publication name. This displays information about the groups and logins in the PAL.
63
+
64
+
#### To add groups and logins to the PAL
65
+
66
+
1. At the Publisher on the publication database, execute [sp_grant_publication_access](../../../relational-databases/system-stored-procedures/sp-grant-publication-access-transact-sql.md). For **@publication**, specify the publication name; and for **@login**, specify the name of the login or group that is being added.
67
+
68
+
#### To remove groups and logins from the PAL
69
+
70
+
1. At the Publisher on the publication database, execute [sp_revoke_publication_access](../../../relational-databases/system-stored-procedures/sp-revoke-publication-access-transact-sql.md). For **@publication**, specify the publication name; and for **@login**, specify the name of the login or group that is being removed.
71
+
72
+
## See Also
73
+
[Manage Logins in the Publication Access List](../../../relational-databases/replication/security/manage-logins-in-the-publication-access-list.md)
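Review bot: The See Also entry re-added at new line 73 links to `manage-logins-in-the-publication-access-list.md`, which is the file this hunk edits, so the topic lists itself as related reading. Since the line is being rewritten anyway, drop it or point it at a different topic; the removed side shows the same self-link at old line 72, so this is carried over rather than introduced here.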