How to: Configure Permissions for a Local Service (Transact-SQL)

SQL Server enforces SEND permission for each service and RECEIVE permissions for each queue. The security principal that owns the initiating service must have SEND permission on the target service. The security principal for an application must have RECEIVE permission for each queue that the application receives messages from.

This procedure is a simplified form of the procedure for creating a remote security configuration. In both cases, you grant SEND permission on the destination service and RECEIVE permission on the queue for the service that sends the messages. For a remote security configuration, however, you must also configure Service Broker security to correctly identify the remote user. For a configuration within a single database, you only need to grant permissions.

Granting permissions for a local service

  1. Grant permission for the user to receive from the queue that the application uses.

  2. Grant permission for the user that owns the initiating service to send messages to the services that the application communicates with.


This example configures permissions to allow BrokerApplicationUser to send messages from the service that uses the queue StoreFrontQueue to the service Ordering. This procedure assumes that the user, the services, and the queue already exist.

USE AdventureWorks2008R2 ;

-- This example sets permissions for a service
-- program that sends messages to the Ordering service
-- and receives messages from the StoreFrontQueue queue.

-- Grant SEND permission on the service to the owner
-- of the initiating service.
TO [BrokerApplicationUser] ;

-- Grant RECEIVE permission on the queue.
GRANT RECEIVE ON [StoreFrontQueue]
TO [BrokerApplicationUser] ;