<AgentName> Agent Security
Applies to: 
SQL Server
Azure SQL Managed Instance
The <AgentName> Agent Security page allows you to specify the accounts under which the Distribution Agent (for transactional and snapshot replication) or Merge Agent (for merge replication) run and make connections to the computers in a replication topology. For information on permissions required by agents and best practices for replication security, see Replication Agent Security Model and Replication Security Best Practices.
Options
Click the properties button (...) in the row for each Subscriber to access the Distribution Agent Security or Merge Agent Security dialog box. Click Help on the dialog box that is launched for more information on the permissions required for accounts used by the agents.
After settings have been entered in one of the dialog boxes, connection information for the Subscriber is displayed in the grid.
Agent for Subscriber
The name of each Subscriber.
Connection to Distributor
Displayed for transactional and snapshot replication. The context under which the connection to the Distributor is made. Local connections are always made using the context of the Microsoft Windows account under which the agent runs:
For push subscriptions, the local connection is the connection to the Distributor, so this field will always display: Impersonate '<Domain>\<Login>' or Impersonate '<Computer>\<Login>' for push subscriptions.
For pull subscriptions, the connection can also be made under the context of a Microsoft SQL Server login. The field displays one of the following: Use login '<Login>', Impersonate '<Domain>\<Login>' or Impersonate '<Computer>\<Login>'. Microsoft recommends that all connections be made using the context of the Windows account.
Connection to Publisher & Distributor
Displayed for merge replication. The context under which the connections to the Publisher and Distributor are made. Local connections are always made using the context of the Windows account under which the agent runs:
For push subscriptions, the local connection is the connection to the Publisher and Distributor, so this field will always display: Impersonate '<Domain>\<Login>' or Impersonate '<Computer>\<Login>' for push subscriptions.
For pull subscriptions, the connection can also be made under the context of a SQL Server login. The field displays one of the following: Use login '<Login>', Impersonate '<Domain>\<Login>' or Impersonate '<Computer>\<Login>'. Microsoft recommends that all connections be made using the context of the Windows account.
Connection to Subscriber
The context under which the connection to the Subscriber is made. Local connections are always made using the context of the Windows account under which the agent runs:
For pull subscriptions, the local connection is the connection to the Subscriber, so this field will always display: Impersonate '<Domain>\<Login>' or Impersonate '<Computer>\<Login>' for push subscriptions.
For push subscriptions, the connection can also be made under the context of a SQL Server login. The field displays one of the following: Use login '<Login>', Impersonate '<Domain>\<Login>' or Impersonate '<Computer>\<Login>'. Microsoft recommends that all connections be made using the context of the Windows account.
See Also
View and Modify Pull Subscription Properties
View and Modify Push Subscription Properties
Identity and access control for replication
Replication Agent Security Model
View and modify replication security settings
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for