To download master users to a replica database, subscribe to user information from the master database in a separate message by using the following statement in the replica database:
The sync_config_arg defines the search pattern of the user names that are returned from the master database to the replica. If you want all names to be sent to the replica, specify the SQL wildcard % as the input argument.
The MESSAGE APPEND SYNC_CONFIG statement itself requires appropriate privileges. When you create a new replica database, that replica database has no privileges and thus cannot connect to the master database. You need to create a replica registration user to initially populate the SYS_SYNC_USERS table with the list of master users from the master database; from then on, the list of master users can be downloaded as needed from the master database.
Public and private users
Database administrators designate users (in the SYS_USERS table of the master database) as PRIVATE or PUBLIC. If the PRIVATE option is set for a user, the user id and password are not sent to the replica during a subscription of the publication to the replica. By default, a user is set to PUBLIC.
Note: There is no way to set a user as PRIVATE for some replicas and PUBLIC for others. Users are designated as either PRIVATE or PUBLIC throughout the system.
You should set all users with administrative rights (DBA) to PRIVATE. This provides an extra measure of security by preventing a DBA password from ever being sent to a replica and becoming public.
Other users can also be set to PRIVATE if those users are not needed in replicas.
Note: If a replica database executes transactions by using a user id that is set as PRIVATE in a master database, then operations in the master database (when executing the transactions that are propagated by the replica database) fail with a security error.
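The following script is an added example, not part of the original documentation. It covers the two steps described above: setting a DBA account to PRIVATE on the master, then subscribing to master users from the replica in a separate message. The message name USER_CFG, the user name ADMIN_USER and the 60-second timeout are made up for illustration; the BEGIN/END/FORWARD message framing and the ALTER USER ... SET PRIVATE form are assumptions to check against the product's SQL reference.

```sql
-- On the MASTER database: keep the DBA account out of replica downloads.
-- ADMIN_USER is a hypothetical user name.
ALTER USER ADMIN_USER SET PRIVATE;
COMMIT WORK;

-- On the REPLICA database: request master users in a message of its own.
-- USER_CFG is a hypothetical message name.
MESSAGE USER_CFG BEGIN;
-- '%' asks for every PUBLIC master user; a narrower pattern such as
-- 'APP%' limits the download to user names matching that pattern.
MESSAGE USER_CFG APPEND SYNC_CONFIG ('%');
MESSAGE USER_CFG END;
COMMIT WORK;

-- Send the message to the master and wait up to 60 seconds for the reply.
MESSAGE USER_CFG FORWARD TIMEOUT 60;
COMMIT WORK;
```

Run the master-side statement before the replica subscribes, so that the PRIVATE account's id and password are never included in a download.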