Security Considerations for Updating Subscriptions

In addition to the general considerations for subscriptions, there are a number of considerations for updating subscriptions.

Immediate Updating Subscriptions

When you configure an immediate updating subscription, you specify an account at the Subscriber under which connections to the Publisher are made. Connections are used by the triggers that fire at the Subscriber and propagate changes to the Publisher. There are three options available for the type of connection:

  • A linked server that replication creates; the connection is made with the credentials you specify at configuration time.

  • A linked server that replication creates; the connection is made with the credentials of the user making the change at the Subscriber.

  • A linked server or remote server that you have already defined.


To specify connection information, use the stored procedure sp_link_publication (Transact-SQL). You can also use the Login for Updatable Subscriptions page of the New Subscription Wizard, which calls sp_link_publication. Under certain conditions, this stored procedure can fail if the Subscriber is running SQL Server 2005 Service Pack 1 (SP1) or later, and the Publisher is running an earlier version. If the stored procedure fails in this scenario, upgrade the Publisher to SQL Server 2005 SP1 or later.

For more information, see:


The account specified for the connection should only be granted permission to insert, update, and delete data on the views that replication creates in the publication database; it should not be given any additional permissions. Grant permissions on views in the publication database that are named in the form syncobj_<HexadecimalNumber> to the account you configured at each Subscriber.

Queued Updating Subscriptions

When you configure queued updating subscriptions, there are two areas to keep in mind that relate to security: