Users of a database involved in SQL Remote replication are identified by one of the following sets of permissions:
PUBLISH A single user ID in a database is identified as the publisher for that database. All outgoing SQL Remote messages, including both publication updates and receipt confirmations, are identified by the publisher user ID. Every database in a SQL Remote setup must have a single publisher user ID, as every database in a SQL Remote setup sends messages.
REMOTE All recipients of messages from the current database, or senders of messages to the current database, who are immediately lower on the SQL Remote hierarchy than the current database must be granted REMOTE permissions.
CONSOLIDATE At most one user ID may be granted CONSOLIDATE permissions in a database. CONSOLIDATE permissions identifies a database immediately above the current database in a SQL Remote setup. Each database can have only one consolidated database directly above it.
Information about these permissions are held in the SQL Remote system tables, and are independent of other database permissions.
Granting and revoking PUBLISH permissions
Granting and revoking REMOTE and CONSOLIDATE permissions
Assigning permissions in multi-tier installations