We just installed ArcGIS Server 10.2.2 (AGS). The service account on AGS is a domain account that is also within our SQL Server database (operating system).
We have tried several ways to create 2-way disconnected replication using Operating System Authentication.
Our main users (who are Publishers in AGS and hoped to make replica owners, set up database connections, etc.) are set up on SQL Server as follows:
Server role is public
Mapped to the database in SQL as db_datareader and public
Membership at the database level is db_datareader
Privileges given via ArcCatalog to the data layers are SELECT, INSERT, UPDATE, DELETE for their operating system logins
However, when they tried to create geodata services and replicas, the remote user could see the data using their AGS built-in user name and password BUT the sync would not work UNLESS we gave the AGS service account db_owner membership at the database level. I would have thought this unnecessary for the service account. Because setting db_owner for the service account seemed like a security risk, we are currently using database authentication for setting up replicas, geodata services and database connections and it works.
This database user is set up this way:
Server role is public
Mapped to the database in SQL as public
It does not have any Membership at the database level
It does have its own schema at the database level.... (I tried doing the same with the service account OSA but it didn't seem to make a difference)
Privileges given via ArcCatalog to the data layers are SELECT, INSERT, UPDATE, DELETE for this database user
- Is it possible to set up operating system authentication for 2-way replicas?
- Why does a database user with "seemingly" fewer permissions work without db_owner set on the service account?
- Do both AGS and SQL have to have operating system authentication? Currently we have built-in for AGS and operating systems plus database users on our SQL. Our remote users are not within our active directory.
- Have we missed something on the service account permissions?
- Any pros or cons not using operating system authentication?
Thank you in advance,
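
One way to compare what the accounts described above actually hold inside the database, added here as an example and not part of the original post. The three principal names are placeholders (assumptions), and the queries read only standard SQL Server catalog views; run them in the geodatabase itself.

```sql
-- Placeholder principal names (assumptions): replace with your own accounts.
DECLARE @principals TABLE (name sysname);
INSERT INTO @principals (name) VALUES
    (N'DOMAIN\ags_service'),  -- AGS service account (operating system auth)
    (N'DOMAIN\publisher1'),   -- a publisher's operating system login
    (N'replica_user');        -- the database-authenticated user

-- 1. Principal type, default schema, and any schemas each principal owns.
SELECT dp.name, dp.type_desc, dp.default_schema_name,
       s.name AS owned_schema
FROM sys.database_principals AS dp
JOIN @principals AS p
  ON p.name = dp.name COLLATE DATABASE_DEFAULT
LEFT JOIN sys.schemas AS s
  ON s.principal_id = dp.principal_id
ORDER BY dp.name;

-- 2. Database role memberships (db_owner, db_datareader, ...).
SELECT m.name AS member_name, r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
  ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
  ON m.principal_id = drm.member_principal_id
JOIN @principals AS p
  ON p.name = m.name COLLATE DATABASE_DEFAULT
ORDER BY m.name, r.name;

-- 3. Explicit grants and denies at database, schema and object level.
SELECT g.name AS grantee, perm.state_desc, perm.permission_name,
       perm.class_desc,
       CASE perm.class
            WHEN 0 THEN DB_NAME()
            WHEN 1 THEN OBJECT_SCHEMA_NAME(perm.major_id) + N'.'
                        + OBJECT_NAME(perm.major_id)
            WHEN 3 THEN SCHEMA_NAME(perm.major_id)
       END AS securable
FROM sys.database_permissions AS perm
JOIN sys.database_principals AS g
  ON g.principal_id = perm.grantee_principal_id
JOIN @principals AS p
  ON p.name = g.name COLLATE DATABASE_DEFAULT
ORDER BY g.name, securable, perm.permission_name;
```

A login that reaches the database only through a Windows group has no row of its own in `sys.database_principals`; in that case the group's name is the one to list.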