3 Managing Access and Other Settings

This chapter contains:

Managing User Accounts and Access

This section contains:

About Oracle AVDF Auditor Accounts and Passwords

There are two types of auditor accounts in Oracle AVDF:

  • Super Auditor:

    • Creates user accounts for super auditors and auditors

    • Has auditor access to all secured targets and secured target groups

    • Grants auditor access to secured targets or secured target groups to auditors

  • Auditor: Has access to specific secured targets or secured target groups granted by a super auditor

Passwords for these accounts need not be unique; however, Oracle recommends that passwords:

  • Have at least one uppercase alphabetic, one alphabetic, one numeric, and one special character (plus sign, comma, period, or underscore).

  • Be between 8 and 30 characters long.

  • Be composed of the following characters:

    • Lowercase letters: a-z.

    • Uppercase letters: A-Z.

    • Digits: 0-9.

    • Punctuation marks: comma (,), period (.), plus sign (+), colon(:), and underscore (_).

  • Not be the same as the user name.

  • Not be an Oracle reserved word.

  • Not be an obvious word (such as welcome, account, database, and user).

  • Not contain any repeating characters.

Creating Auditor Accounts in Oracle AVDF

Super auditors can create both super auditor and auditor user accounts.

To create an auditor account in Oracle AVDF:

  1. Log in to the Audit Vault Server console as a super auditor.

  2. Click the Settings tab.

    The Manage Auditors page appears by default, and displays existing users and the secured targets and/or groups to which they have access.

  3. Click Create.

  4. Enter the User Name and Password, and re-type the password in the appropriate fields.

    Note that Oracle AVDF does not accept user names with quotation marks, such as "jsmith".

  5. In the Type drop-down list, select Auditor or Super Auditor.

    See "About Oracle AVDF Auditor Accounts and Passwords" for an explanation of these roles.

  6. Click Save.

    The new user is listed in the Manage Auditors page.

Managing User Access to Secured Targets or Groups

This section contains:

About Managing User Access

Super auditors have access to all secured targets and secured target groups, and can grant access to specific targets and groups to auditors.

You can control access to secured targets or groups in two ways:

  • Modify a secured target or group to grant or revoke access for one or more users.

  • Modify a user account to grant or revoke access to one or more secured targets or groups.

Controlling Access by User

To control which secured targets or groups are accessible by a user:

  1. Log in to the Audit Vault Server console as a super auditor.

  2. Click the Settings tab, then click Manage Auditors.

    The Manage Auditors page displays existing users and the secured targets or groups to which they have access.

  3. Click the name of the user account you want to modify.

    The Modify Auditor page appears.

  4. In the Targets and Groups section, select the secured targets or secured target groups to which you want to grant or revoke access for this user.

  5. Click Grant Access or Revoke Access.

    A check mark indicates access granted. An "x" indicates access revoked.

  6. If necessary, repeat steps 4 and 5.

  7. Click Save.

Controlling Access by Secured Target or Group

To control which users have access to a secured target or group:

  1. Log in to the Audit Vault Server console as a super auditor.

  2. Click the Settings tab, and then click Manage Access.

  3. Click the name of the secured target or secured target group for which you want to define access rights.

    The Modify Access page for this secured target or group appears, listing user access rights to this secured target or group. Super auditors have access by default.

  4. In the Modify Access page, select the users for which you want to grant or revoke access to this secured target or group.

  5. Click Grant Access or Revoke Access.

    A check mark indicates access granted. An "x" indicates access revoked.

  6. If necessary, repeat steps 4 and 5.

  7. Click Save.

Changing a User Account Type in Oracle AVDF

You can change an auditor account type from auditor to super auditor, or vice versa. Note that if you change a user's account type from auditor to super auditor, that user will have access to all secured targets and secured target groups.

To change a user account type in Oracle AVDF:

  1. Log in to the Audit Vault Server console as a super auditor.

  2. Click the Settings tab.

    The Manage Auditors page appears by default, and displays existing users and the secured targets or groups to which they have access.

  3. Click the name of the user account you want to change.

  4. In the Modify Auditor page, in the Type section, click Change.

  5. In the Type drop-down list, select the new auditor type.

  6. If you changed the type from Super Auditor to Auditor, grant or revoke access to any secured targets or groups as necessary for this user:

    1. Select the secured targets or groups to which you want to grant or revoke access.

    2. Click Grant Access or Revoke Access.

      A check mark indicates access granted. An X indicates access revoked.

    3. Repeat steps a and b if necessary.

  7. Click Save.

Deleting an Auditor Account in Oracle AVDF

As a super auditor, you can delete any auditor account except the last super auditor.

To delete an auditor user account:

  1. Log in to the Audit Vault Server console as a super auditor.

  2. Click the Settings tab.

    The Manage Auditors page appears by default, and displays existing users and the secured targets or groups to which they have access.

  3. Select the users you want to delete, and then click Delete.

Changing Your Password

To change your Oracle AVDF password:

  1. Log in to the Audit Vault Server console as an auditor.

  2. Click the Settings tab, and then click Change Password.

  3. Enter your Current Password, then enter your New Password twice, and then click Save.

    See also "About Oracle AVDF Auditor Accounts and Passwords".

Creating Templates and Distribution Lists for Email Notifications

This section contains:

About Email Notifications and Templates

You can configure Oracle AVDF alerts to trigger an email when an alert is raised or a report is generated. For example, you can create an alert that is triggered every time a connection is made by an application shared schema account outside of the application (for example, APPS or SYSADM). When the user tries to log in, Oracle AVDF sends an email to two administrators warning them about misuse of the application account.

To accomplish this, you must create an email distribution list that defines who will receive the email, and then create an email template that contains a message. You select the template to be used for email notification when you define the alert rule.

Creating or Modifying an Email Distribution List

You can create an email distribution list for a specific notification purpose, that is, a list of email addresses that will receive a notification. You can specify a distribution list when notifying other users about alerts or reports.

To create or modify a distribution list:

  1. Log in to the Audit Vault Server console as an auditor.

  2. Select the Settings tab.

  3. From the Notifications menu on the left, click Distribution Lists.

    The Distribution Lists page is displayed, showing existing lists, which you can modify or delete.

  4. Click Create to add a new list, or click a list name to modify it, and then define the list as follows:

    • Name - Enter a name for the distribution list.

    • Description - (Optional) Enter a description of this list.

    • To - Enter the email addresses, separated by commas, that appear on the To line of notifications using this list.

    • CC - (Optional) Enter the email addresses, separated by commas, that appear on the CC line of notifications using this list.

  5. Click Save.

    The new list appears in the Distribution Lists page. From there, you can modify or delete distribution lists as necessary.

Creating or Modifying an Email Template

An email template enables you to specify the content of an email notification that is triggered by an alert or a report being generated.

To create or modify an email template:

  1. Log in to the Audit Vault Server console as an auditor, then click the Settings tab.

  2. From the Notifications menu on the left, click Email Templates.

    The Email Templates page displays a list of existing email templates, which you can modify or delete. Some of these templates are predefined.

  3. Click Create to create a new template, or click the name of an existing template to modify it.

  4. Select the template Type:

    • Alert: Creates an email template used for alert notifications.

    • Report Attachment: Creates an email template used for report notifications, and attaches a PDF of the report to the email.

    • Report Notification: Creates an email template used for report notifications, but does not attach the PDF file of the report.

  5. Enter or select the desired values for Name, Description, and Format of this email template.

  6. Use the available tags on the right as building blocks for the Subject and Body of the email.

    The available tags depend on the type of notification. Table 3-1 and Table 3-2 explain the tags in detail.

    For example, using these tags, you create this template:

    • For Subject, you enter Report: #AlertName#, #DateCreated#

    • For Body, you enter The #ReportName# is ready for review at #URL#.

    Then the following email notification may be generated:

    • Subject: System Privileges Report, Sept 26, 2009, 3:15:06 PM

    • Body: The System Privileges Report is ready for review at http://mau.example.com/console/f?p=7700:4:3525486105242281::NO::P4_REPORT_ID:36

  7. Click Save.

    After you create a new template, it is listed in the Notification Templates page. From there, you can modify or delete templates as necessary.

Table 3-1 lists the available tags for alert notification templates.

Table 3-1 Tags Available for Alert Notification Email Templates

Alert Tag Name Description

#AlertBody#

A special tag that is used as a shortcut to include all the available tags in the email

#AlertID#

The ID of the alert

#AlertName#

Name of the alert

#AlertTime#

Time the event causing the alert was created

#AlertSeverity#

Severity of the alert (Critical or Warning)

#AlertStatus#

Status of the Alert (for example, New, Open, or Closed)

#Description#

Description of the alert

#EventTime#

Timestamp of the event that raised the alert

#URL#

URL of the alert


Table 3-2 lists the available tags for report notification templates.

Table 3-2 Tags Available for Report Notification Email Templates

Report Tag Name Description

#ReportName#

Name of the report

#DateCreated#

Date and time the report was generated

#ReportCategory#

Report Category name, such as "Access Reports"

#URL#

URL to the report that was generated


Viewing Enforcement Point and Audit Trail Status

This section contains:

Viewing Enforcement Point Status

To view enforcement points configured for all your secured target databases:

  1. Log into the Audit Vault Server console as an auditor, and click the Settings tab or the Secured Targets tab.

  2. From the Quick Links menu, click Enforcement Points.

    You can adjust the appearance of the list from the Actions menu. See "Working with Lists of Objects in the UI".

Viewing Audit Trail Status

To view a list of audit trails collected for all your secured targets:

  1. Log into the Audit Vault Server console as an auditor, and click the Settings tab or the Secured Targets tab.

  2. From the Quick Links menu, click Audit Trails.

    Audit trails for all your secured target are listed in a table showing the trail, its status, the secured target name and type, and the host from which the trail was collected, the trail location and type.

    You can adjust the appearance of the list from the Actions menu. See "Working with Lists of Objects in the UI".

  3. Optionally, click a column title to sort by that column.

Monitoring Jobs

You can see the status of various jobs that run on the Audit Vault Server, such as report generation, and user entitlement or audit policy retrieval from secured targets.

To see the status of jobs in the Audit Vault Server:

  1. Log in to the Audit Vault Server as an Auditor.

  2. Click the Settings tab.

  3. In the System menu, click Jobs.

    A list of jobs is displayed, showing the job type, ID, timestamp, status, and associated user name.

  4. To see details for an individual job, click the icon to the left of that job. See Figure 3-1 below.