Skip Headers
Oracle® Access Manager Identity and Common Administration Guide
10g (

Part Number E12489-01
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

9 Reporting

This chapter provides an overview of reporting features, the information each feature presents, the types of output available, and possible uses for these reports. This chapter covers the following topics:

9.1 About Reporting

Oracle Access Manager can collect and present a wide range of information related to the following:

To help distinguish among the many report-related features built into Oracle Access Manager, this chapter reserves certain terms to describe specific functional areas, as explained in the following table:

Table 9-1 Reserved Terms Used for Reporting

Feature Description


Refers exclusively to the SNMP data collected so that you can monitor the health and performance of the network components that host your system. For a complete discussion of SNMP Monitoring, see "SNMP Monitoring".


Refers exclusively to program execution data collected so that you can diagnose the health of the components that make up your system, troubleshoot execution errors, and debug custom AccessGates and other plug-ins. For a complete discussion of logging, see "Logging".


Refers to two types of data:

  • Dynamic audit data is collected from Access Servers and Identity Servers. It encompasses Oracle Access Manager system events such as resource requests, password changes, and account revocation.

  • Static audit data is collected from the directory server. It encompasses policy and profile information.

For a general discussion of static and dynamic reports, see "Report Types".

For a complete discussion of auditing, see "Auditing".


The Access Server and Identity Server provide diagnostic tools to help you work with an Oracle Technical Support representative to troubleshoot problems. See "Capturing Diagnostic Information" for details.

You can also collect information about parameter settings and states for Access Servers, Identity Servers, and their connections to the Oracle Access Manager directory components. See Table 11-1 for details.

Access Testing

Refers exclusively to the on-screen display that provides a quick way of determining whether a given user has access to a given resource at a given time. For more on access testing, see Table 11-1.

Filtered Queries

Refers to the advanced searches of the directory conducted through various Oracle Access Manager applications to generate lists of users or resources that share certain combinations of profile or policy attributes. For more on advanced filtered queries, see: Table 11-1.

Audit Reports

Refers exclusively to data that is collected from the Oracle Access Manager servers and directory server, stored in the audit database, then extracted, compiled, and formatted by preconfigured Crystal Reports presentation templates. For a complete discussion of Audit Reports, see "About Audit Reports" and "Setting up Audit Reports".

9.1.1 Report Types

The information collected and reported by the various reporting features falls into two broad categories:

  • Static reports: Generally compiled from settings stored on Oracle Access Manager components or third-party related components. For example, policy and profile information stored on the Oracle Access Manager directory server is classified as static audit data. Connection settings (and states) fall into the Diagnostic category. Certain Audit Reports use static (stored) policy and profile information to compile a list of resources that are available to specified users during specified times.

  • Dynamic Reports: Focus on events and changes in state at various levels throughout the Oracle Access Manager system. For example, the logging feature can record each function call (and outcome) originating from a given component. This low-level trace capability can be useful to developers. At the other end of the spectrum, the dynamic audit feature can reveal system intrusion threats by reporting patterns of failed authentication attempts on specific servers during a specific interval.

9.1.2 Data Sources

The reporting features can gather data from a variety of sources, the most important of which are covered in Table 9-2

Table 9-2 Primary Data Sources for the Reporting Features

Data Source Description

Oracle Access Manager directory

Stores several types of static information, including the following:

  • User, group, and organization profile settings

  • Policy settings for protecting resources

  • Connections settings such as those used to connect with Oracle Access Manager components or the various databases used by Oracle Access Manager

  • Certain security settings

  • Schema used to organize the LDAP directory at the heart of the Oracle Access Manager system

Component configuration files

Many key settings reside in configuration files stored within the directory structure of the Oracle Access Manager component they affect. This can range from the path to a database driver to the size of the buffer used for queuing log output.

System configuration files

These settings for the computers that host the various Oracle Access Manager components can be environment variables that make components visible to each other, or they can be protocol settings that enable components to communicate at the same level. Generally, Oracle Access Manager does not report such system-level configurations directly, but it can sometimes report corresponding settings that must match the settings established at the host system level.

Access Servers

In addition to providing configuration information about the settings they maintain to interact with other components, Access Servers can report Access System events such as authorization requests and their outcomes. This information is useful for determining who has gained (or tried to gain) access to what during a certain interval.

Identity Servers

Identity Servers also store certain settings that govern how they interact with other components. Additionally, they report Identity System events such as who attempted to submit credentials at what time, and whether that authentication attempt succeeded.

Other components

Components such as the Policy Manager can report changes to policies and certain other activities and settings.

9.1.3 Data Output

Generally, the various types of reports can send data to one or more of the following destinations:

  • The Oracle Access Manager graphical user interface

  • A plain text file on the computer hosting the component that is sending the data

  • A system file on the computer hosting the component that is sending the data

  • A central database


    When data is sent to the audit database, it is generally filtered, compiled, and presented using special Crystal Reports templates that generate Audit Reports.

    When a report is sent to the graphical user interface, it is likely to be somewhat less extensive than the equivalent type sent to a file or database. For instance, the on-screen Access Tester tool cannot report on the kind of complex user and resource groups that are available through the User Access Privilege tool, which sends output to a plain-text file or the audit database.

9.1.4 Output Configuration

Generally, you can format report output in one or both of the following ways:

  • Through the Oracle Access Manager graphical user interface

  • By manually editing a plain-text configuration file.

In a limited number of cases and to a limited extent, you can configure report output through a third-party GUI. For example, you can edit the templates used to generate the Audit Reports through the Crystal Reports interface.

9.1.5 Data Uses

Reports can prove useful to a variety of people, including the following:

  • Administrators for Oracle Access Manager

  • Network administrators

  • Security administrators

  • Compliance administrators

  • Custom AccessGate and plug-in developers

9.2 Summary of Reporting Features

Table 9-3 provides an overview the reporting features, the information they present, and potential uses to which these features can be applied.

Table 9-3 Overview of Reporting Features

Feature Type Output Source Data Potential uses




SNMP monitor

Network component states and events

Monitoring and troubleshooting the network hosting your Oracle Access Manager system




Oracle Access Manager components

Program execution (states and events)

Diagnosing component health and debugging custom AccessGate and plug-in code



File, DB

Oracle Access Manager servers

System events

Tracking usage patterns, system performance, component loading, and security compliance



File, DB

directory server

Profile and policy attributes

Identifying users and resources that fit specified patterns


Static or dynamic

GUI or file

directory server, Oracle Access Manager servers

Directory component, server, and connection settings and states; all program and thread calls

Verifying server and directory server settings, states, and connection details; taking stack traces

Access Tests



directory server

Profile and policy attributes

Quick determination of who has access to what at a given time.

Filtered Queries


GUI, file

directory server

Profile and policy attributes

Reporting on complex combinations of shared profile and policy attributes

Audit Reports (from Crystal Report templates by way of the audit database)

Global Access


GUI, file, hardcopy

directory server by way of audit db

Profile and policy attributes

Advanced reports on user and resource access privileges



GUI, file, hardcopy

component servers by way of audit db

Authentication events

Statistics on authentication events



GUI, file, hardcopy

component servers by way of audit db

Authorization events

Statistics on authorization events



GUI, file, hardcopy

component servers by way of audit db

Access and Identity System events

Statistics on and lists of various Oracle Access Manager events

ID history


GUI, file, hardcopy

component servers by way of audit db

Profile attributes and changes to attributes

Statistics on and lists of identity profile changes