Publication Access Lists

When you create a publication, Microsoft® SQL Server™ 2000 creates a publication access list (PAL) for the publication. The PAL contains a list of logins that are granted access to the publication. The logins included in the PAL are members in the sysadmin fixed server role and the current login.

The PAL functions similarly to a Microsoft Windows® 2000 access control list. When a user or replication agent attempts to log in to a Publisher, SQL Server 2000 first checks to see if the login is in the PAL. If you must further expand or restrict access to a publication, you can add or delete logins in the PAL using SQL Server Enterprise Manager or the sp_grant_publication_access and sp_revoke_publication_access stored procedures.

A snapshot, transactional, or merge publication may be secured with a PAL through SQL Server Enterprise Manager or programmatically.

Note  A replication agent login for the Publisher and Distributor must exist in the PAL before it can access the publication. The user login must also exist in the publication database or the database must allow guest users. If you are using a remote Distributor, the logins must exist at both the Publisher and the Distributor before it can be added to the PAL. Because the replication agents run under SQL Server Agent, the account under which SQL Server Agent runs on a Windows platform must be in the PAL.

If you have a large number of user logins to add to the PAL, consider making them all members of a single Windows 2000 group and then adding the Windows 2000 group to the PAL.

To grant or revoke access to a publication