Granting the SYS_RUN_REPLICATION_ROLE

The SYS_RUN_REPLICATION_ROLE system role is a member of the SYS_AUTH_DBA_ROLE compatibility role with full administrative rights.

You cannot revoke this default set of system privileges from the SYS_RUN_REPLICATION_ROLE system role, but you can grant additional system privileges and roles to, and revoke them from, the SYS_RUN_REPLICATION_ROLE system role.

By default, the SYS_AUTH_DBA_ROLE compatibility role is granted to the SYS_RUN_REPLICATION_ROLE system role to address any possible requirements for additional system privileges to perform other replication related authorized tasks over and above the above-noted explicitly granted system privileges. However, SAP recommends that you revoke the SYS_AUTH_DBA_ROLE compatibility role from SYS_RUN_REPLICATION_ROLE system role and explicitly grant those specific additional system privileges or roles identified for other replication tasks to the SYS_RUN_REPLICATION_ROLE system role.

You can grant the SYS_RUN_REPLICATION_ROLE system role to other roles only with no administrative rights (WITH NO ADMIN OPTION clause). The WITH ADMIN OPTION and WITH ADMIN ONLY OPTION clauses are invalid for the SYS_RUN_REPLICATION_ROLE system role.

By default, when granting SYS_RUN_REPLICATION_ROLE, underlying system privileges are inherited by members of the receiving group. To prevent inheritance, include the WITH NO SYSTEM PRIVILEGE INHERITANCE clause for this system role only.

The MIN_ROLE_ADMINS database option ensures that a designated number of users who can grant the MANAGE REPLICATION system privilege to, and revoke from, other users always exists in the database.