Permissions Required to Deploy and Administer Notification Services
Administration tasks for Notification Services fall into two categories: deploying instances and day-to-day operations. Each category requires different permissions.
The deployment tasks, such as creating, registering, updating, and deleting instances of Notification Services, require higher privileges because these commands can manipulate databases and registry information. These tasks require membership in the local Administrators group in Microsoft Windows and membership in the sysadmin or dbcreator fixed server roles in SQL Server.
The day-to-day administrative tasks, such as enabling or disabling components or viewing instance status, require a lower level of privileges. The necessary permissions can be granted by adding administrator accounts to Notification Services database roles, such as NSAdmin and NSAnalysis and to the SQLServer2005NotificationServicesUser$ComputerName Windows group.
Permissions for Deployment and Administration Tasks
The common administration tasks, and the Windows and SQL Server permissions required to perform these tasks, are shown in the following table.
Task
Minimum Windows permissions
Minimum SQL Server permissions
Creating an instance
Local SQLServer2005NotificationServicesUser$ComputerName group
sysadmin fixed server role
Deleting an instance
Local SQLServer2005NotificationServicesUser$ComputerName group
dbcreator fixed server role
Disabling an instance
Local SQLServer2005NotificationServicesUser$ComputerName group
NSAdmin database role or dbcreator fixed server role
Enabling an instance
Local SQLServer2005NotificationServicesUser$ComputerName group
NSAdmin database role or dbcreator fixed server role
Exporting instance and application metadata
Local SQLServer2005NotificationServicesUser$ComputerName group
NSAdmin database role or dbcreator fixed server role
Listing registered instances and applications
Local SQLServer2005NotificationServicesUser$ComputerName group
None
Registering an instance
Local Administrators group
None
Unregistering an instance
Local Administrators group
None
Updating an instance
Local SQLServer2005NotificationServicesUser$ComputerName group
db_owner database role or sysadmin fixed server role
Upgrading an instance
Local SQLServer2005NotificationServicesUser$ComputerName group
db_owner database role or sysadmin fixed server role
Viewing argument encryption keys
Local Administrators, local Power Users group, or the account used to run the Notification Services engine
None
Viewing instance status
Local Administrators group
.gif "ms171300.note(en-US,SQL.90).gif")
Note:
If the instance is scaled-out, you must be a member of the Administrators group on all servers that run the engine.
NSAnalysis, NSDistributor, NSEventProvider, NSGenerator, NSReader, NSRunService, NSSubscriberAdmin, or NSVacuum database roles; sysadmin fixed server role
See Also
Concepts
Notification Services Database Roles