The following information is provided as reference on how Replication of Security Objects works.
Security related Resource Types:
4. Authentication Server
5. Internal Credential
6. Password Policy
When enabled it will cause any ‘Hierarchy managed’ security role that is deleted on the parent NS, to also be deleted at the child NS.
The setting requires that it be enabled at each parent NS for the delete tracking to flow down through the hierarchy.
The deletion of security roles is tracked in the same way as item deletion via the ‘HierarchySingularTask’ task table. The ‘Type’ column is set to a value of ‘Role’ in this case. See HOWTO42295 for more detail on the HierarchySingularTask table functionality.
The core setting requires that it be enabled at each parent NS for role membership synchronization to flow down through the hierarchy.
If security privileges are replicated but the applicable Security Role is not, the information for what role the privilege is assigned to is still stored in the database. Later if the applicable Security Role is replicated, these privileges are joined up to the appropriate Role.