|
Implementation Guide for Oracle Self-Service E-Billing > Using the Reporting Engine >
Reporting on User Audit Data
Oracle Self-Service E-Billling audits some enrollment user actions performed in the Billing and Payment application. Oracle Self-Service E-Billling audits the following actions that occur when creating users:
- A B2B administrator creates another B2B user's account.
- A B2C user creates his or her own account.
- The default CSR administrator creates another CSR administrator account.
- A CSR administrator creates a CSR user's account.
- A CSR administrator creates another B2B administrator's account.
- A CSR user (administrator or CSR) impersonates a B2B administrator creating another B2B user's account.
Oracle Self-Service E-Billling audits the following actions that occur when enrolling users:
- An end user (B2B or B2C) enrolls.
- A CSR user (administrator or CSR) enrolls.
Oracle Self-Service E-Billling audits the following actions that occur when updating user profiles:
- An end user (B2B or B2C) updates his or her own user access information.
- An end user (B2B or B2C) updates his or her own notification settings.
- A B2B user (administrator or manager) updates another B2B user's user access information.
- A CSR user (administrator or CSR) updates his or her own user access information.
- A CSR administrator updates another CSR user's user access information.
- A CSR user (administrator or CSR) updates another B2B user's user access information.
- A CSR user (administrator or CSR) updates the following by impersonation:
- His or her own notification settings (B2B or B2C).
- His or her own user access information (B2B or B2C).
- A B2B user (administrator or manager) updates another B2B user's user access information.
- A B2B, B2C, or CSR user enrolls to complete the reactivation process after clicking the URL in an email notification.
- A B2B, B2C, or CSR user resets his or her forgotten password.
- A migrated B2B, B2C, or CSR user creates a new HIPPA-compliant password after clicking the URL in the email notification.
- A B2B, B2C, or CSR user updates his or her own expired password.
Oracle Self-Service E-Billling audits the following actions that occur when deleting users:
- A B2B administrator user deletes another B2B user's account.
- A CSR user (administrator or CSR) deletes an end user's account.
- A CSR administrator deletes another CSR user's account.
- A CSR user (administrator or CSR) impersonates a B2B administrator user deleting another B2B user's account.
Oracle Self-Service E-Billling audits the following actions that occur when logging in and out:
- An end user (B2B or B2C) logs in.
- A CSR user (administrator or CSR) logs in.
- A CSR user (administrator or CSR) impersonates a B2B or B2C user logging in or out.
- A B2B, B2C, or CSR user fails to log in.
- A CSR administrator reactivates a locked-out account.
You can report on the audit data for each user role, including the user who performed the action, the date and time, IP address, and various attributes. For details about payment audit data, see About Payment Auditing. For information about database auditing, see Auditing Database Administration Activity. You can create customized reports on the audited user enrollment data. Oracle Self-Service E-Billling stores audit data for user enrollment activities in the EDX_UMF_USER_AUDIT table. Table 46 describes the EDX_UMF_USER_AUDIT table:
Table 46. EDX_UMF_USER_AUDIT Table
|
|
ID |
A unique ID assigned to the each occurrence of a user enrollment event, generated automatically by sequence. |
USER_ID |
The ID of the user who performed the action, either on his or her own account or on another user's account. |
ACTION |
The ID indicating the type of user action. (Action type IDs are defined in the EDX_UMF_USER_ACTION_TYPE table.) |
ACTION_DATE |
The date of the user action. |
TARGET_USER_ID |
The ID of the target user. If the user performed the action on his or her own account (the target user is the same as the USER_ID), the value in this column is null. |
USER_ROLE |
The role of the user who performed the action. |
NOTES |
The reason for locking an account: Incorrect Login, Reset Password, Security Question, or Account Expired. (User account reactivation only.) |
ATTRIBUTES |
The changed attribute. |
IP_ADDRESS |
The IP address of the user who accessed the Billing and Payment application. |
Table 47 describesdescribesdescribes user action type table, EDX_UMF_USER_ACTION_TYPE:
Table 47. Definition of the EDX_UMF_USER_ACTION_TYPE Table
|
|
ID |
ID associated with the user action type. |
TYPE |
User action type. |
RESOURCE_KEY |
Key for the language resource bundle. |
Table 48 shows the ID associated with each type of user action. These associations are stored in the EDX_UMF_USER_ACTION_TYPE Table:
Table 48. ID of User Action Types Stored in the iEDX_UMF_USER_ACTION_TYPE Table
|
|
1 |
Reactivate |
2 |
Impersonate-login |
3 |
Impersonate-logout |
4 |
Login |
5 |
Logout |
6 |
Update user profile |
7 |
Update notifications |
9 |
Reset password |
10 |
Create user |
13 |
Enroll user |
16 |
Delete user |
17 |
Login failure |
Table 49 shows the user action type recorded in the EDX_UMF_USER_AUDIT table for each user enrollment activity in Oracle Self-Service E-Billling.
Table 49. User Action Types Used for Each User Enrollment Activity
User Action Type ID and Description |
Associated User Enrollment Activities |
|
1 - Reactivate |
A CSR administrator reactivates a locked-out account. |
Password |
2-Impersonate-login |
A CSR user (administrator or CSR) impersonates a B2B or B2C user logging in. |
Null |
3-Impersonate- logout |
A CSR user (administrator or CSR) impersonates a B2B or B2C user logging out. |
Null |
4-Login |
A B2B, B2C, or CSR user logs in. |
Null |
5-Logout |
A B2B, B2C, or CSR user logs in. |
Null |
6 - Update user profile |
- A B2B, B2C, or CSR user updates his or her own user access information.
|
One of the following:
- One or more of the following: First name, last name, and email address
- Password
- Security question and answer
|
|
- A B2B user (administrator or manager) updates another B2B user's access information.
- A CSR administrator updates another CSR user's access information.
- A CSR user (administrator or CSR) updates a B2B or B2C user's access information by impersonation.
|
One of the following:
- One or more of the following: First name, last name, and email address
- Role
|
|
- A migrated B2B, B2C, or CSR user creates a new HIPPA-compliant password.
|
Null |
|
- A B2B, B2C, or CSR user updates his or her own expired password.
|
Password |
7 - Update notifications |
- An end user (B2B or B2C) updates his or her own notification settings.
- A CSR user (administrator or CSR) updates a B2B or B2C user's notifications by impersonation.
|
Notifications |
9 - Reset password |
A B2B, B2C, or CSR user resets his or her forgotten password. |
Password |
10 - Create user |
- A B2B administrator creates another B2B user's account.
- A B2C user creates his or her own account.
- The default CSR administrator creates another CSR administrator account.
- A CSR administrator creates another CSR user's account.
- A CSR administrator creates a B2B administrator's account.
- A CSR administrator or user creates a B2B user's account while impersonating a B2B administrator.
|
Null |
13 - Enroll user |
- A B2B or B2C end user enrolls.
- A CSR user (administrator or CSR) enrolls.
- A migrated B2B, B2C, or CSR user creates a new HIPPA-compliant password.
|
Null |
|
- A B2B, B2C, or CSR user enrolls to complete the reactivation process after clicking the URL in an email notification.
|
Security Question and Answer |
16 - Delete user |
- A B2B administrator user deletes another B2B user's account.
- A CSR user (administrator or CSR) deletes a B2B or B2C end user's account by impersonation.
- A CSR administrator deletes another CSR user's account.
|
Null |
17 - Login failure |
A B2B, B2C, or CSR user login fails. |
Null |
|
