Oracle Waveset 8.1.1 Business Administrator's Guide

Audit Configuration

Audit configuration is composed of one or more publishers and several predefined groups.

An audit group defines a subset of all audit events based on object types, actions, and action results. Each publisher is assigned one or more audit groups. By default, the repository publisher is assigned to all audit groups.

An audit publisher delivers audit events to a particular audit destination. The default repository publisher writes audit records into the repository. Each audit publisher may have implementation specific options. Audit publishers may have a text formatter assigned. (Text formatters provide textual representation of audit events.)

The Audit Configuration (#ID#Configuration:AuditConfiguration) object is defined in the sample/auditconfig.xml file. This configuration object has an extension that is a generic object.

At the top level, this configuration object has the following attributes: filterConfiguration, extendedTypes, extendedActions, extendedResults, and publishers. Each is described in its own section below.

The filterConfiguration Attribute

The filterConfiguration attribute lists event groups, which are used to enable one or more events to pass through the event filter. Each group listed in the filterConfiguration attribute contains the attributes listed in Table 10–2.

Table 10–2 filterConfiguration Attributes

groupName (String)
    Event group name.

displayName (String)
    Message catalog key representing the group name.

enabled (String)
    Boolean flag indicating whether the entire group is enabled or disabled. This attribute is an optimization for the filtering object.

enabledEvents (List)
    List of generic objects that describe which events a group enables. An event must be listed to enable its logging. Each object listed must have these attributes:

      • objectType (String) – objectType name.
      • actions (List) – List of one or more actions.
      • results (List) – List of one or more results.

Example 10–5 illustrates the default Resource Management group.


Example 10–5 Default Resource Management Group


<Object name='Resource Management'>
  <Attribute name='enabled' value='true'/>
  <Attribute name='displayName' value='UI_RESOURCE_MGMT_GROUP_DISPLAYNAME'/>
  <Attribute name='enabledEvents'>
    <List>
      <Object>
        <Attribute name='objectType' value='Resource'/>
        <Attribute name='actions' value='ALL'/>
        <Attribute name='results' value='ALL'/>
      </Object>
      <Object>
        <Attribute name='objectType' value='ResourceObject'/>
        <Attribute name='actions' value='ALL'/>
        <Attribute name='results' value='ALL'/>
      </Object>
    </List>
  </Attribute>
</Object>

Waveset provides a set of default audit event groups.

You can configure each group from the Audit Configuration page of the Waveset Administrator interface (Configure > Audit). See Configuring Audit Groups and Audit Events for instructions.

The Audit Configuration page allows you to configure successful or failed events for each group. The interface does not support adding or modifying enabled events for groups, but you can do this by using the Waveset debug pages (see The Waveset Debug Page).

The default event groups and the events they enable are described in the following sections.


Note –

Setting the Actions value to All does not specify a default set of actions for the object type. Rather, the All value means that there are no actions specified for the object type, and that Waveset can audit any action for the object type.
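The following added example (not from the guide or from the Waveset product) parses a group written in the generic-object form of Example 10–5 and decides whether a given (objectType, action, result) event passes its filter, applying the rule from the Note above that All places no restriction on actions. The group XML and event names are constructed for the demonstration; the <List><String> form for actions and results is assumed from the list syntax shown in Example 10–6.

```python
import xml.etree.ElementTree as ET
# Constructed group in the generic-object form of Example 10-5; the second
# entry uses the <List><String> form so both spellings are exercised.
GROUP_XML = """<Object name='Resource Management'>
  <Attribute name='enabled' value='true'/>
  <Attribute name='enabledEvents'>
    <List>
      <Object>
        <Attribute name='objectType' value='Resource'/>
        <Attribute name='actions' value='ALL'/>
        <Attribute name='results' value='ALL'/>
      </Object>
      <Object>
        <Attribute name='objectType' value='ResourceObject'/>
        <Attribute name='actions'><List><String>Create</String><String>Delete</String></List></Attribute>
        <Attribute name='results'><List><String>Failure</String></List></Attribute>
      </Object>
    </List>
  </Attribute>
</Object>"""

def attr_value(obj, name):
    """Value of <Attribute name=...>: its value= string, or the <String> items of its <List>."""
    for a in obj.findall("Attribute"):
        if a.get("name") == name:
            if a.get("value") is not None:
                return a.get("value")
            return [s.text for s in a.findall("List/String")]
    return None

def parse_group(xml_text):
    """Turn one filterConfiguration group object into a plain dict."""
    root = ET.fromstring(xml_text)
    events = [{k: attr_value(e, k) for k in ("objectType", "actions", "results")}
              for e in root.findall("Attribute[@name='enabledEvents']/List/Object")]
    return {"name": root.get("name"), "enabled": attr_value(root, "enabled") == "true",
            "enabledEvents": events}

def matches(spec, value):
    """ALL places no restriction (see the Note); a list restricts to its members."""
    if isinstance(spec, str):
        return spec == "ALL" or spec == value
    return value in spec

def event_enabled(group, object_type, action, result):
    """True if the group would let an (objectType, action, result) event through."""
    if not group["enabled"]:
        return False  # a disabled group filters everything it lists
    return any(e["objectType"] == object_type and matches(e["actions"], action)
               and matches(e["results"], result) for e in group["enabledEvents"])
```

Run it against your own auditconfig.xml groups to confirm that an event you expect to see in the audit log is actually enabled before relying on it for detection.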


Account Management

This group is enabled by default.

Table 10–3 Default Account Management Event Groups

Type                      Actions
EncryptionKey             All Actions
Identity System Account   All Actions
Resource Account          Approve, Create, Delete, Disable, Enable, Modify, Pending Create, Pending Delete, Pending Disable, Pending Enable, Pending Rename, Pending Update, Reject, Rename, Unlock
Provisioning Request      Completed, Not Completed
Workflow Case             End Activity, End Process, End Workflow, Start Activity, Start Process, Start Workflow
User                      Approve, Create, Delete, Deprovision, Disable, Enable, Modify, Reject, Rename

Logins/Logoffs Group

This group is enabled by default.

Table 10–4 Default Waveset Logins/Logoffs Event Groups

Type    Actions
User    Credentials Expired, Lock, Login, Logout, Unlock, Username Recovery

Report Modifications

This group is enabled by default.

Table 10–5 Default Waveset Report Modifications Event Groups

Type            Actions
TaskTemplate    Create, Delete, Disable, Enable, Modify

Password Management

This group is enabled by default.

Table 10–6 Default Password Management Event Groups and Events

Type                Actions
Resource Account    Change Password, Reset Password

Resource Management

This group is enabled by default.

Table 10–7 Default Resource Management Event Groups and Events

Type              Actions
Resource          All Actions
ResourceForm      All Actions
ResourceObject    All Actions
Workflow Case     End Activity, End Process, End Workflow, Start Activity, Start Process, Start Workflow
ResourceAction    All Actions
AttrParse         All Actions

Role Management

This group is disabled by default.

Table 10–8 Default Role Management Event Groups and Events

Type    Actions
Role    All Actions

Security Management

This group is enabled by default.

Table 10–9 Default Security Management Event Groups and Events

Type             Actions
Capability       All Actions
EncryptionKey    All Actions
Organization     All Actions
Admin Role       All Actions

Task Management

This group is disabled by default.

Table 10–10 Task Management Event Groups and Events

Type                Actions
ProvisioningTask    All Actions
TaskDefinition      All Actions
TaskInstance        All Actions
TaskSchedule        All Actions
TaskResult          All Actions

Changes Outside Identity System

This group is disabled by default.

Table 10–11 Changes Outside Waveset Event Groups and Events

Type               Actions
ResourceAccount    NativeChange

Configuration Management

This group is enabled by default.

Table 10–12 Default Configuration Management Event Groups

Type                   Actions
Configuration          All Actions
Data Exporter          All Actions
Database Connection    All Actions
EmailTemplate          All Actions
Log                    All Actions
LoginConfig            All Actions
Policy                 All Actions
Rule                   All Actions
UserForm               All Actions
XmlData                Import

Service Provider

This group is enabled by default.

Table 10–13 Service Provider Event Groups and Events

Type              Actions
Directory User    Challenge Response, Create, Delete, Modify, Post-Operation Callout, Pre-Operation Callout, Update Authentication Answers, Username Recovery

Event Management

This group is enabled by default.

Table 10–14 Default Event Management Event Groups

Type                Actions
Email               Notify
TestNotification    Notify

Compliance Management

This group is enabled by default.

Table 10–15 Default Compliance Management Group Events

Type                      Actions
Audit Policy              All Actions
AccessScan                All Actions
ComplianceViolation       All Actions
Data Exporter             All Actions
UserEntitlement           Attestor Approved, Attestor Rejected, Remediation Requested, Rescan Requested, Terminate
Access Review Workflow    All Actions
Remediation Workflow      All Actions

The extendedTypes Attribute

Each new Type that you add to the com.waveset.object.Type class can be audited. A new Type must be assigned a unique two-character database key, which is stored in the database. All new Types are added to the various audit reporting interfaces. For a new Type to be logged to the database rather than filtered out, it must be added to the enabledEvents attribute of an audit event group (see the enabledEvents attribute in Table 10–2).

There may be situations in which you want to audit something that does not have an associated com.waveset.object.Type, or where you want to represent an existing type with more granularity.

For example, the WSUser object stores all of the user’s account information in the repository. Instead of marking each event as a USER type, the auditing process splits the WSUser object into two different audit types (Resource Account and Waveset Account). Splitting the object in this way makes it easier to find specific account information in the audit log.

Add extended audit types by adding to the extendedObjects attribute. Each extended object must have the attributes listed in the following table.

Table 10–16 Extended Object Attributes

name (String)
    The name of the type, which is used when constructing AuditEvents and during event filtering.

displayName (String)
    A message catalog key that represents the name of the type.

logDbKey (String)
    Two-character database key to use when storing this object in the Log table. See Audit Log Database Mappings for reserved values.

supportedActions (List)
    Actions supported by the object type. This attribute is used when creating audit queries from the user interface. If this value is null, all actions are displayed as possible values to be queried for this object type.

mapsToType (String)
    (Optional) The name of the com.waveset.object.Type that maps to this type, if applicable. This attribute is used when attempting to resolve an object's organizational membership if it is not already specified on the event.

organizationalMembership (List)
    (Optional) A default list of organization IDs where events of this type should be placed, if they do not already have assigned organizational membership.

All customer-specific keys should start with the # symbol to prevent duplicate keys when new internal keys are added.

Example 10–6 illustrates the extended-type Waveset Account.


Example 10–6 Extended Type Waveset Account


<Object name='LighthouseAccount'>
  <Attribute name='displayName' value='LG_LIGHTHOUSE_ACCOUNT'/>
  <Attribute name='logDbKey' value='LA'/>
  <Attribute name='mapsToType' value='User'/>
  <Attribute name='supportedActions'>
    <List>
      <String>Disable</String>
      <String>Enable</String>
      <String>Create</String>
      <String>Modify</String>
      <String>Delete</String>
      <String>Rename</String>
    </List>
  </Attribute>
</Object>

The extendedActions Attribute

Audit actions typically map to com.waveset.security.Right objects. When adding new Right objects, you must specify a unique two-character logDbKey, which will be stored in the database. You may encounter situations where there is no right to correspond to a particular action that must be audited. You can extend actions by adding them to the list of objects in the extendedActions attribute.

Each extendedActions object must include the attributes listed in Table 10–17.

Table 10–17 extendedAction Attributes

name (String)
    The name of the action, which is used when constructing AuditEvents and during event filtering.

displayName (String)
    A message catalog key that represents the name of the action.

logDbKey (String)
    Two-character database key to use when storing this action in the Log table. See Audit Log Database Mappings for reserved values.

All customer-specific keys should start with the # symbol to prevent duplicate keys when new internal keys are added.

Example 10–7 illustrates adding an action for Logout.


Example 10–7 Adding an Action for Logout


<Object name='Logout'>
  <Attribute name='displayName' value='LG_LOGOUT'/>
  <Attribute name='logDbKey' value='LO'/>
</Object>

The extendedResults Attribute

In addition to extending audit types and actions, you can add results. By default, there are two results: Success and Failure. You can extend results by adding them to the list of objects in the extendedResults attribute.

Each extendedResults object must include the attributes described in Table 10–18.

Table 10–18 extendedResults Attributes

name (String)
    The name of the result, which is used when setting the status on AuditEvents and during event filtering.

displayName (String)
    A message catalog key that represents the name of a result.

logDbKey (String)
    One-character database key to use when storing this result in the Log table. See the section titled Database Keys for reserved values.

All customer-specific keys should use the range 0–9 to prevent duplicate keys when new internal keys are added.
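The added check below (not from the guide or from the Waveset product) applies the key rules stated in the extendedTypes, extendedActions and extendedResults sections to a candidate set of extensions before they are imported: two-character keys for types and actions, one-character keys for results, customer keys starting with # (types and actions) or in the range 0–9 (results), no reserved keys, and no duplicate names or keys. The reserved sets hold only the LA and LO keys shown in Examples 10–6 and 10–7; the candidate extensions are constructed for the demonstration.

```python
# Reserved keys: 'LA' and 'LO' are the internal keys shown in Examples 10-6
# and 10-7; fill the sets from Audit Log Database Mappings before real use.
RESERVED = {"type": {"LA"}, "action": {"LO"}, "result": set()}
KEY_LEN = {"type": 2, "action": 2, "result": 1}

def key_is_customer(kind, key):
    """Customer results use 0-9; customer types and actions start with '#'."""
    if kind == "result":
        return key.isdigit()
    return key.startswith("#")

def lint_extensions(kind, objects):
    """Return problems found in a list of {'name': .., 'logDbKey': ..} dicts."""
    problems, seen_keys, seen_names = [], set(), set()
    for obj in objects:
        name, key = obj.get("name"), obj.get("logDbKey")
        if not name or not key:
            problems.append(f"{kind}: entry missing name or logDbKey: {obj}")
            continue
        if len(key) != KEY_LEN[kind]:
            problems.append(f"{kind} {name}: logDbKey {key!r} must be "
                            f"{KEY_LEN[kind]} character(s) long")
        if not key_is_customer(kind, key):
            problems.append(f"{kind} {name}: logDbKey {key!r} is outside the customer range")
        if key in RESERVED[kind]:
            problems.append(f"{kind} {name}: logDbKey {key!r} is reserved")
        if key in seen_keys:
            problems.append(f"{kind} {name}: duplicate logDbKey {key!r}")
        if name in seen_names:
            problems.append(f"{kind}: duplicate name {name!r}")
        seen_keys.add(key)
        seen_names.add(name)
    return problems

# Constructed candidate extensions: one clean set and one with mistakes.
GOOD = {"type": [{"name": "ContractorAccount", "logDbKey": "#C"}],
        "action": [{"name": "Escalate", "logDbKey": "#E"}],
        "result": [{"name": "Partial", "logDbKey": "7"}]}
BAD = {"type": [{"name": "A", "logDbKey": "LA"}, {"name": "B", "logDbKey": "#AA"}],
       "result": [{"name": "Timeout", "logDbKey": "T"}]}

def lint_all(config):
    """Lint every kind present in a {kind: [objects]} mapping."""
    return [p for kind, objs in config.items() for p in lint_extensions(kind, objs)]
```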

The publishers Attribute

Each item in the publishers list is a generic object. Each publishers object has the following attributes.

Table 10–19 publishers Attributes

class (String)
    The name of the publisher class.

displayName (String)
    A message catalog key that represents the name of the publisher.

description (String)
    A description of the publisher.

filters (List)
    A list of audit groups assigned to this publisher.

formatter (String)
    The name of the text formatter (if any).

options (List)
    A list of publisher options. These options are publisher specific; each item in the list is a map representation of PublisherOption. See sample/auditconfig.xml for examples.