Grant the service account running the Active Roles Administration Service permissions on the SQL Server which hosts the Active Roles database(s).
If the Administration Service does not participate in SQL Replication (standalone Administration Service), or holds the Subscriber role in SQL Replication, then it requires the following SQL Server permissions:
If the Administration Service holds the Publisher role in Active Roles Server replication, then it requires the following permissions:
Before promoting a particular instance of the Active Roles Administration Service to the Publisher role, ensure that the service account which is used by that Administration Service instance to access the Active Roles database(s) belongs to the sysadmin role on the SQL Server which hosts the database(s).
Before configuring a particular instance of the Administration Service to hold the Subscriber role, ensure that the following conditions are true:
SQL Server Management Studio to configure the SQL Server permissions as follows, assuming that:
To configure the Active Roles database related permissions
To configure the msdb database related permissions
Add the login to the sysadmin server role by using SQL Server Management Studio as follows.
To add a login to the sysadmin role
Solution was tested both for SQL 2005 and 2008
1) Why does the application require sysadmin permissions in order to function?
A: SQL server design requires sysadmin rights for configuring replication
2) What type of replication does it use? Why does it need permissions to manage this on the fly - i.e. why can't a DBA set this up, thus reducing an additional requirement to have elevated privileges?
A: We use Merge replication. DBA cannot just configure replication because during replication setup ARS server changes some internal data structures. (Briefly speaking, if configuration of replication is performed not by ARS service, then some internal data will be inconsistent)
3) Outside of the service account that is used to run the application do any other users require any elevated privileges?