Auditing In Oracle Applications
Auditing in any production application is required by various statutory or security obligations. For Oracle Applications, an ERP that is the backbone of the organization implementing it, auditing becomes all the more indispensable. Auditing aims at detecting, preventing and tracking down any change that requires further investigation.
In Oracle Applications, auditing can be done at two levels:
- Oracle Applications Users Level.
- Oracle Applications Database/Schema Level.
In addition to the above, you could also enable the standard Oracle RDBMS audit feature using the SYS.AUD$ table. In the current post, however, we will talk only about the auditing capabilities of Oracle Applications.
Oracle Applications User Auditing
Sign On Audit
In Oracle Applications, user-level auditing can be done by enabling the Sign Audit profile option. This option can be set at the user level, the responsibility level or the form level. To enable this kind of auditing you must set a value for the system profile option Sign-On: Audit Level.
Based on the level of sign-on auditing selected, the system captures all or some of the following information:
- The users who sign on to the system
- The Sign in and Sign Out times
- Responsibilities they choose
- The forms they use
- Duration of using the form or responsibility
- Terminals used for sign on.
You can get this information from the system by running one of the standard Oracle Applications reports:
- Signon Audit Users
- Signon Audit Responsibilities
- Signon Audit Forms
- Signon Audit Concurrent Requests
- Signon Audit Unsuccessful Logins
Additionally, you could set up notifications for unsuccessful logins by setting the Sign-On: Notification system profile option to YES.
You can also use the Monitor Users window for user-level auditing. However, you can view information only for those users for whom sign-on auditing has been enabled.
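The same sign-on data can be queried directly when a report is too coarse for triage. The queries below are an added example, not part of the original post; the APPLSYS tables and columns (FND_LOGINS, FND_UNSUCCESSFUL_LOGINS, FND_USER) are not named on this page and are assumed from a standard installation, and the threshold of 5 and the time windows are constructed values.

```sql
-- Added example (not from the original post). Table and column names are
-- assumed from a standard APPLSYS schema; verify them on your release.

-- 1. Users with 5 or more failed sign-on attempts in the last 24 hours,
--    shown next to their most recent recorded sign-on.
SELECT u.user_name,
       COUNT(*)            AS failed_attempts,
       MIN(f.attempt_time) AS first_attempt,
       MAX(f.attempt_time) AS last_attempt,
       (SELECT MAX(l.start_time)
          FROM applsys.fnd_logins l
         WHERE l.user_id = u.user_id) AS last_signon
  FROM applsys.fnd_unsuccessful_logins f
  JOIN applsys.fnd_user u ON u.user_id = f.user_id
 WHERE f.attempt_time >= SYSDATE - 1
 GROUP BY u.user_id, u.user_name
HAVING COUNT(*) >= 5
 ORDER BY failed_attempts DESC;

-- 2. Sign-on sessions from the last 7 days with terminal and duration.
--    A NULL end_time means no sign-out was recorded for the session,
--    so the duration is measured up to the current time.
SELECT u.user_name,
       l.terminal_id,
       l.start_time,
       l.end_time,
       ROUND((NVL(l.end_time, SYSDATE) - l.start_time) * 24 * 60) AS minutes
  FROM applsys.fnd_logins l
  JOIN applsys.fnd_user u ON u.user_id = l.user_id
 WHERE l.start_time >= SYSDATE - 7
 ORDER BY l.start_time DESC;
```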
Oracle Applications Database/Schema Level
Oracle Applications also lets you track changes made to the data in Oracle Applications. For this purpose, Audit Trails are set up and used. An Audit Trail tracks each audited table by creating a shadow table for it. Internally, this mechanism uses database triggers to populate the shadow tables. The following steps are involved in setting up an audit trail in Oracle Applications.
Define Audit Groups
The first step involves defining your audit group. An audit group is a set of tables and columns that you wish to audit. You can choose to audit all or some of the columns of a table, except columns of type LONG, RAW and LONG RAW. You can have multiple audit groups, and the same object can be part of different audit groups.
Define Audit Installations
In this stage you choose the registered ORACLE IDs that you wish to audit. Before you can define your audit installation you must have defined your audit groups.
Define Audit Table and Columns
After defining the audit groups and audit installations you can choose the tables and columns for which you wish to enable auditing. You can use the audit tables to do this.
Run the Audit Trail Update Tables Report
You must run the concurrent request Audit Trail Update Tables Report so that your audit trail definitions and the required shadow tables are created. This report is also responsible for building the database triggers for your audit installations.
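After the report completes, it is worth confirming that every table in an audit group actually has its shadow table and enabled triggers. The query below is an added example, not part of the original post; the FND_AUDIT_* and FND_TABLES names, the `_A` shadow-table suffix and the `_AI`/`_AU`/`_AD` trigger suffixes are not stated on this page and are assumptions to verify on your instance. It needs access to the DBA_* dictionary views.

```sql
-- Added example (not from the original post). Object names and naming
-- conventions below are assumptions; confirm them on your release.
WITH audited AS (
  SELECT g.group_name,
         g.state                     AS group_state,
         a.state                     AS table_state,
         t.table_name,
         SUBSTR(t.table_name, 1, 26) AS base   -- prefix used for audit objects
    FROM applsys.fnd_audit_groups g
    JOIN applsys.fnd_audit_tables a
      ON a.audit_group_app_id = g.application_id
     AND a.audit_group_id     = g.audit_group_id
    JOIN applsys.fnd_tables t
      ON t.application_id = a.table_app_id
     AND t.table_id       = a.table_id
)
SELECT x.group_name,
       x.group_state,
       x.table_state,
       x.table_name,
       x.base || '_A' AS shadow_table,
       -- 0 here means the shadow table was never created
       (SELECT COUNT(*)
          FROM dba_tables s
         WHERE s.table_name = x.base || '_A') AS shadow_found,
       -- expected: 3 (insert, update, delete) while auditing is enabled
       (SELECT COUNT(*)
          FROM dba_triggers r
         WHERE r.table_name = x.table_name
           AND r.status = 'ENABLED'
           AND r.trigger_name IN (x.base || '_AI',
                                  x.base || '_AU',
                                  x.base || '_AD')) AS audit_triggers_enabled
  FROM audited x
 ORDER BY x.group_name, x.table_name;
```

A row with `shadow_found = 0` or fewer than three enabled triggers indicates a table whose changes are not being captured, for example because the report has not been rerun since the group was changed.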
Disabling Auditing
You can disable auditing at any time by changing the audit group state through the Audit Groups window to either Disable - Interrupt Audit, Disable - Prepare for Archive or Disable - Purge Table. You must run the Audit Trail Update Tables Report after making the selection.
Comments
Nice post Sam, I have the following questions please:
- Can I enable audit for custom tables on apps?
- Also, I managed to get the IP address for users connected to apps, but is there any way that I can relate this IP address to the table that they are currently updating? Or is there a way that I can relate this IP address in some way to the audit fields?
fadi hasweh
http://oracle-magic.blogspot.com/
Oracle is not Magic, it just takes years of experience
Posted by: fadi hasweh | December 19, 2006 08:34 PM
Thanks Fadi,
Yes, you can enable audit on custom tables as long as they are registered within Oracle Applications.
Audit Trail in Oracle Applications just relates to the Oracle Application User Id rather than the DB user ID. Maybe you could map the IP address with the User ID and try, but I have never seen that as of yet.
If you do get information, I will look forward to it in your blog.
Sam
Posted by: Sam | December 21, 2006 07:24 PM
thank you sam
Posted by: fadi hasweh | December 22, 2006 06:57 PM
Hi,
I have recently joined the blog .com
My query is related to auditing. What you described about auditing is perfectly similar to my auditing on Oracle Apps. But in the Audit Report, I am not able to see By Whom? What? Where? in the defined audited table.
By Whom refers to the customer name, like A Ltd, B Ltd, C Ltd ...
Could you please suggest how to get the customer name from the audited table?
Thanks Aru.
Posted by: Aru | January 26, 2007 08:08 PM
Hi,
I've set up Audit Trail on one Oracle Applications 11.5.10 instance. Can I migrate these definitions on another instance (clone) using FNDLOAD or something like that ?
Regards,
Mihai
Posted by: Mihai Tintea | February 2, 2007 04:06 PM
hi guys
can you please suggest how to enable auditing ?
Posted by: khanya | October 16, 2007 12:46 PM