
Replication databases should have authorized db_owner role members. The replication monitor role should have authorized members.


Overview

Finding ID: V-15178
Version: DM6070-SQLServer9
Rule ID: SV-23855r1_rule
IA Controls: ECLP-1
Severity: Medium
Description
Role privileges required by replication include full privileges to the databases with replicated objects. Restrict replication database db_owner role memberships and the system distribution database replmonitor database role membership to authorized replication agent accounts that require access to the database. Unauthorized access can provide unintentional or malicious users greater opportunity to exploit replication access.
STIG: Microsoft SQL Server 2005 Instance Security Technical Implementation Guide
Date: 2015-04-03

Details

Check Text ( None )
None
Fix Text (F-14829r1_fix)
Revoke role membership for unauthorized accounts granted replication role memberships:

USE [database name]
EXEC sp_droprolemember '[replmonitor or db_owner]', '[account name]'
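
The fix presumes you already know which accounts hold these roles. The following T-SQL is an added example, not part of the STIG text: it lists db_owner members in each replication database and replmonitor members in the distribution database so they can be compared with the authorized replication agent accounts. It assumes the replication flags in sys.databases identify the databases in scope; the temporary table and cursor names are illustrative.

```sql
-- Added example, not STIG text. Lists db_owner members in each replication
-- database and replmonitor members in the distribution database.
SET NOCOUNT ON;

CREATE TABLE #role_members (
    database_name sysname,
    role_name     sysname,
    member_name   sysname,
    member_type   nvarchar(60)
);

DECLARE @db sysname, @is_dist bit, @sql nvarchar(max);

-- Replication databases as flagged in sys.databases (assumption: the flags
-- cover every database in scope; add others by name if they do not).
DECLARE repl_dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name, is_distributor
    FROM sys.databases
    WHERE state_desc = 'ONLINE'
      AND (is_published = 1 OR is_merge_published = 1
           OR is_subscribed = 1 OR is_distributor = 1);

OPEN repl_dbs;
FETCH NEXT FROM repl_dbs INTO @db, @is_dist;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- replmonitor is only reported for the distribution database.
    SET @sql = N'SELECT @db_name, r.name, m.name, m.type_desc
        FROM ' + QUOTENAME(@db) + N'.sys.database_role_members AS rm
        JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS r
          ON r.principal_id = rm.role_principal_id
        JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS m
          ON m.principal_id = rm.member_principal_id
        WHERE r.name = N''db_owner''
           OR (r.name = N''replmonitor'' AND @is_dist = 1);';

    INSERT INTO #role_members
    EXEC sp_executesql @sql, N'@db_name sysname, @is_dist bit', @db, @is_dist;

    FETCH NEXT FROM repl_dbs INTO @db, @is_dist;
END
CLOSE repl_dbs;
DEALLOCATE repl_dbs;

-- Compare each row with the authorized replication agent accounts.
SELECT database_name, role_name, member_name, member_type
FROM #role_members
ORDER BY database_name, role_name, member_name;

DROP TABLE #role_members;
```

The dbo user always appears as a db_owner member, so confirm the login that owns each database as part of the same review.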