Permissions Required to Deploy and Administer Notification Services
Administration tasks for Notification Services fall into two categories: deploying instances and day-to-day operations. Each category requires different permissions.
The deployment tasks, such as creating, registering, updating, and deleting instances of Notification Services, require higher privileges because these commands can manipulate databases and registry information. These tasks require membership in the local Administrators group in Microsoft Windows and membership in the sysadmin or dbcreator fixed server roles in SQL Server.
The day-to-day administrative tasks, such as enabling or disabling components or viewing instance status, require a lower level of privileges. The necessary permissions can be granted by adding administrator accounts to Notification Services database roles, such as NSAdmin and NSAnalysis and to the SQLServer2005NotificationServicesUser$ComputerName Windows group.
The common administration tasks, and the Windows and SQL Server permissions required to perform these tasks, are shown in the following table.
| Task | Minimum Windows permissions | Minimum SQL Server permissions | |
|---|---|---|---|
|
Creating an instance |
Local SQLServer2005NotificationServicesUser$ComputerName group |
sysadmin fixed server role | |
|
Deleting an instance |
Local SQLServer2005NotificationServicesUser$ComputerName group |
dbcreator fixed server role | |
|
Disabling an instance |
Local SQLServer2005NotificationServicesUser$ComputerName group |
NSAdmin database role or dbcreator fixed server role | |
|
Enabling an instance |
Local SQLServer2005NotificationServicesUser$ComputerName group |
NSAdmin database role or dbcreator fixed server role | |
|
Exporting instance and application metadata |
Local SQLServer2005NotificationServicesUser$ComputerName group |
NSAdmin database role or dbcreator fixed server role | |
|
Listing registered instances and applications |
Local SQLServer2005NotificationServicesUser$ComputerName group |
None | |
|
Registering an instance |
Local Administrators group |
None | |
|
Unregistering an instance |
Local Administrators group |
None | |
|
Updating an instance |
Local SQLServer2005NotificationServicesUser$ComputerName group |
db_owner database role or sysadmin fixed server role | |
|
Upgrading an instance |
Local SQLServer2005NotificationServicesUser$ComputerName group |
db_owner database role or sysadmin fixed server role | |
|
Viewing argument encryption keys |
Local Administrators, local Power Users group, or the account used to run the Notification Services engine |
None | |
|
Viewing instance status |
Local Administrators group
|
NSAnalysis, NSDistributor, NSEventProvider, NSGenerator, NSReader, NSRunService, NSSubscriberAdmin, or NSVacuum database roles; sysadmin fixed server role |
Note: 