V-219824

Discussion

Replication database accounts are used for database connections between databases. Replication requires the configuration of these accounts using the same username and password on all databases participating in the replication. Replication connections use fixed user database links. This means that access to the replication account on one server provides access to the other servers participating in the replication. Granting unauthorized access to the replication account provides unauthorized and privileged access to all databases participating in the replication group.

Check Content

From SQL*Plus:

  select 'The number of replication objects defined is: '||
  count(*) from all_tables 
  where table_name like 'REPCAT%';

If the count returned is 0, then Oracle Replication is not installed and this check is not a finding.

Otherwise:

From SQL*Plus:

  select count(*) from sys.dba_repcatlog;

If the count returned is 0, then Oracle Replication is not in use and this check is not a finding.

If any results are returned, ask the ISSO or DBA if the replication account (the default is REPADMIN, but may be customized) is restricted to ISSO-authorized personnel only.

If it is not, this is a finding.

If there are multiple replication accounts, confirm that all are justified and documented with the ISSO.

If they are not, this is a finding.

Note: Oracle Database Advanced Replication is deprecated in Oracle Database 12c. Use Oracle GoldenGate to replace all features of Advanced Replication, including multimaster replication, updatable materialized views, hierarchical materialized views, and deployment templates.