Sunday, September 3, 2017

Audit Features in E-Business Suite

1. Set Sign-On Audit Level
The valid settings for the profile option SIGNONAUDIT:LEVEL are None, User, Responsibility and
Form. At site level, set this profile option to Form to enable as much auditing as possible. At this setting, the
system logs all user sign-ons, responsibility selections and form accesses to APPLSYS.FND_LOGINS, APPLSYS.
FND_LOGIN_RESPONSIBILITIES and APPLSYS.FND_LOGIN_RESP_FORMS, respectively.

Profile Option Name
Description
Recommend
Sign-On:Audit Level
Set at site-level to track actions starting when the user logs on
Form


2. Monitor System Activity With OAM
Oracle Application Manager (OAM) provides screens for monitoring current and past system activity. In addition,
OAM provides a framework extensible for running custom OAM reports. Monitoring features include current
and historic user activity down to the page access level and current and historical Concurrent Manager
activity. See OAM documentation for complete product information.
Regarding Page Access Tracking, it tracks Oracle Applications usage statistics non-intrusively and with negligible
performance impact. It tracks Web-based and Form-based accesses across technology stacks and correlates
them for each user session. See MOS Note 402116.1 for more detailed information about Page Access Tracking

3. Retrieve Audit Records Using Reports
Oracle E-Business Suite ships standard reports to access signon, unsuccessful signon, responsibility usage, form
usage and concurrent request usage. Access these reports through the system administrator responsibility.
Signon Audit Concurrent Requests
Signon Audit Forms
Signon Audit Responsibilities
Signon Audit Unsuccessful Logins
Signon Audit Users

4. Retrieve Audit Records Using SQL
The system stores end-user access data in the following tables. Develop SQL scripts to query these tables to
generate reports.
APPLSYS.FND_LOGINS
APPLSYS.FND_LOGIN_RESPONSIBILITIES
APPLSYS.FND_LOGIN_RESP_FORMS
APPLSYS.FND_UNSUCCESSFUL_LOGINS
FND_CONCURRENT_REQUESTS
ICX.ICX_FAILURES

5. Purge Audit Records
Purge end-user access data using the Purge Signon Audit Data concurrent program. The current program purges
all audit records older than a user supplied date. Run this concurrent program between once a week and once a
month, retaining 30 to 90 days of records. This concurrent program purges the following tables:
FND_LOGIN_RESP_FORMS
FND_LOGIN_RESPONSIBILITIES
FND_LOGINS
FND_UNSUCCESSFUL_LOGINS

Purge concurrent request data using the Purge Concurrent Request and/or Manager Data concurrent program.
Run this concurrent program at least once a week and retain 14 to 90 days of records.
Periodically archive and truncate the FND_LOGIN% tables

6. Review Data Tracked (No Reports Available)
Some data tracked by the system do not have associated reports. Nevertheless, these audit records contain valuable
information.
Who Columns
For most E-Business Suite tables, database rows are updated with the creation and last update information. The
system stores this information in the following columns (known as “Who Columns”):

Who Column Name
Description
CREATE_DATE
Date and Time row was created
CREATE_BY
Oracle Applications user ID from FND_USER
LAST_UPDATE_LOGIN
Login ID from FND_LOGINS
LAST_UPDATE_DATE
Date and Time row as last updated
LAST_UPDATE_BY
Oracle Applications user ID from FND_USERS

Join with FND_USERS and FND_LOGINS tables to identify the application user tracked in the audit record.
Note, only the last update to record is saved. To save the entire history of a row, enable Oracle E-Business Suite
Audit Trail.

7. Unsuccessful Logins
The system automatically stores unsuccessful logon attempts in the APPLSYS.FND_UNSUCCESSFUL_LOGINS
and ICX.ICX_FAILURES tables. The ICX_FAILURES table holds more information than the
FND_UNSUCCESSFUL_LOGINS. Both the FND_UNSUCCESSFUL_LOGINS and ICX_FAILURES tables contain
unsuccessful logins via the Personal Home Page (Self Service/Web Interface). Failed Forms logins are logged
only to the FND_UNSUCCESSFUL_LOGINS table. This functionality cannot be disabled.


No comments:

Post a Comment

Best Blogger TipsGet Flower Effect