Oracle® Beehive Administrator's Guide Release 1 (1.5) Part Number E14836-04 |
|
|
View PDF |
Oracle Beehive includes a comprehensive auditing framework which allows you to record the activities of users, the disposition of artifacts, and the operation of the system.
This module contains the following topics:
Oracle Beehive includes an Audit Service, which performs the function of writing audit information to the Audit Repository, in the Oracle Beehive database. The Audit Service records a selection of information, as defined by audit policies and templates. Policies and templates, in turn, define which events will be recorded by the Audit Service.
In Oracle Beehive, auditing is for activity tracking and recording. Auditing allows you to track and record the activities of users and administrators as they perform actions in the system. These activities include logging on and off, creating, modifying, or deleting content, altering system configuration parameters, starting and stopping processes, and so forth. The goal is to provide a framework for keeping tabs on who does what to the system.
An audit record contains information about who (what user or users), what (what artifacts, services, or interfaces), where (what scope or context), when (a date/time stamp), and how (what client or interface, what command).
The Audit Service depends upon system events to trigger audit policies, causing a record to be written to the Audit Repository.
You can manage audit functions from either the beectl
command line, or from Oracle Beekeeper. To manage auditing in Oracle Beekeeper, you must log in with sufficient privileges. The AUDIT_ADMIN privilege allows you to configure audit policy, while the AUDITOR privilege allows you to read audit logs.
By default, all Administrator-controlled auditing functions are turned off.
Note:
Records Management related events are always audited. You cannot turn on or off auditing of these events. For more information about Records Management in Oracle Beehive, see "Managing Records Management".For more information about privileges, see "Managing Privileges".
The audit framework makes use of a subset of the Oracle Beehive business events, called the audit events. Audit events trigger auditing actions whenever they fit the criteria specified in an active audit policy.
You can review a list all of various categories of audit events by using the
command:beectl
list_audit_events
beectl> list_audit_events
This command lists the audit event categories, and their identifiers.
Note:
By default, no event is raised when an Oracle Beehive user sends an e-mail message. You can enable sent e-mail events, and thereby enable auditing of sent e-mails. To do so, follow the instructions in "Configuring Sent E-mail Plugins".For more information about business events in Oracle Beehive, see: Chapter 12, "Managing Oracle Beehive Events, Policies, and Workflows".
An audit template is a collection of audit events, on a particular theme. Oracle Beehive includes a collection of pre-seeded audit templates, which you can use unmodified, or as examples when developing your own audit templates. You must specify an audit template whenever you create an audit policy.
An audit policy combines a collection of events to be audited (in the form of an audit template) with a scope, to define what will be audited. Scope can be user-focused, such as a user or group, or it can be a container, such as the enterprise, or one or more organizations, workspaces, or folders. Once you create an audit policy, the system begins to record events that match the policy in the Audit Repository.
Once you have created audit policies, data is written to the Audit Repository. An audit trail is a view or report of some portion of that data. You can create and configure audit trails to include only the specific data you are interested in. You can think of an audit trail as a query of the Audit Repository.
An audit template defines a collection of events that will be audited. Oracle Beehive comes pre-seeded with a collection of audit templates around a variety of themes.
This section contains the following topics:
You can list the audit templates using the
command:beectl
list_audit_templates
beectl> list_audit_templates
You can also review the audit templates using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Templates tab. All audit templates are listed
Select any template, and then click on the Auditable Events tab to view the categories of events that the template audits. Categories included in the template are listed in the Selected Auditable Events column
Table 14-1 lists the pre-seeded audit templates, and their identifiers.
Table 14-1 Pre-Seeded Audit Templates
Event Category Name | Identifier |
---|---|
Access control |
autp=Access control events |
Address book/contact events |
autp=Address book/contact events |
Artifact events |
autp=Artifact events |
Audit management events |
autp=Audit management events |
BPEL task events |
autp=BPEL task events |
Calendar related events |
autp=Calendar related events |
Client application related events |
autp=Client application related events |
Device management/profile events |
autp=Device management/profile events |
Enterprise events |
autp=Enterprise events |
LDAP synchronization profile events |
autp=LDAP synchronization profile events |
Message events |
autp=Message events |
Organization events |
autp=Organization events |
Policy/subscription events |
autp=Policy/subscription events |
Record management events |
autp=Record management events |
Search events |
autp=Search events |
Security events |
autp=Security events |
Service configuration updated event |
autp=Service configuration updated event |
System management events |
autp=System management events |
Time management events |
autp=Time management events |
User/group management and provisioning events |
autp=User/group management and provisioning events |
Wiki-page events |
autp=Wiki-page events |
Workspace related events |
autp=Workspace related events |
XMPP events |
autp=XMPP events |
You can list details about a specific audit template by using the --name
option to enter the name of any audit template (without the autp=
prefix):
beectl> list_audit_templates --name <Name of the audit template>
For example, if you list the XMPP events
template, the following information is displayed:
beectl> list_audit_templates --name "XMPP events" Name: XMPP events Description: Audits all XMPP events Identifier: autp=XMPP events Created on: Feb 11, 2009 7:05:58 AM Last modified on: Feb 11, 2009 7:05:58 AM Event Name: XMPP events [XMPP_ASYNC_EVENTS]
On the Event Name:
line, after a description (XMPP events
), one or more event categories are listed; these correspond to a set of events that are captured by the template.
See Also:
For a complete listing of all events encompassed by each event category, see "Audit Events Structure".To create a new audit template using beectl
, create an audit template XML file, and then use the
command to upload it to the system:beectl
add_audit_template
beectl> add_audit_template --file <Full path of the input file>
To create a new audit template using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Templates tab. All audit templates are listed
Click New, and choose Audit Template
In the New Audit Template window, enter a name and description for the new template, and then select the Auditable Events tab
Select one or more event categories from the Available Auditable Events column, and use the Move arrows to move them into the Selected Auditable Events column. The template will include all of the events for each category you move to the Selected Auditable Events column
Click Apply to save your changes without closing the New Audit Template window, or click Save and Close to save your changes and close the window.
Your new template appears in the list in the Templates tab
To delete an audit template using beectl
, use the
:beectl
delete_audit_template
beectl> delete_audit_template --template <Audit template identifier>
To delete an audit template using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Templates tab. All audit templates are listed
Select a template, and click Delete. In the confirmation dialog box, click OK. The selected template is deleted
An example audit template file is located in your Oracle Beehive install folder, in the templates subfolder: ORACLE_HOME/beehive/templates/audit/templ_ex.xml
:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AuditTemplateInfo> <name>Template Name</name> <description>Template Description</description> <event>Auditable Event A</event> <event>Auditable Event B</event> </AuditTemplateInfo>
In the <name>
element, give your new template a unique name. Use the <description>
element to describe the types of events included in the template. Use <event>
elements to contain a list of each event or event category you want to include in the audit template.
An example audit template:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AuditTemplateInfo> <name>Test credential</name> <description>Sample test template</description> <event>CREDENTIAL_ASYNC_EVENTS</event> <event>LOCK_ASYNC_EVENTS</event> </AuditTemplateInfo>
You can include any auditable event or event category. To review a list of auditable events, use the
command:beectl
list_audit_events
beectl> list_audit_events
To review the list of audit event categories, see "Audit Events Structure"
An audit policy combines audit templates (which specify events) with a context. In this case, context includes any combination of:
The enterprise, or one or more organizations or workspaces or both
One or more users
One or more groups
An audit policy is a definition of rules and actions that determine which events should be recorded in the audit repository.
An audit policy dictates when the events in an audit template should be recorded in the Audit Repository. You can create many audit policies to suit your organization's requirements.
When you create an audit policy, you must use an audit template. You can use one of the pre-seeded audit templates, or, you can create a new audit template.
See Also:
For information about creating audit templates, see "Creating and Managing Oracle Beehive Audit Templates".This section contains the following topics:
You can create a new audit policy as an XML file, and then use the
command to upload it to the system:beectl
add_audit_policy
beectl> add_audit_policy --file <full path to the policy xml file>
The Audit Policy XML file used for setting audit context references an audit template you specify, and allows you to set the policy to either a level of scope (user, organization, or enterprise), or a level of the content hierarchy, such as an individual entity, folder, or workspace. If you do not reference any context (no scope is referenced, and no actor or content directive is used), then the scope is assumed to be global, and the events referenced in the audit template will be raised for ALL contexts (user or content) where that activity occurs.
You can also create a new audit policy using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Policies tab. All existing audit policies are listed
Click New. The New Audit Policy window opens
Enter a name and description for the new audit policy
Choose an audit template to use from the Template picker
Optionally, choose a scope from the Scope picker:
Click on the Scope picker icon to open the Scope picker window. The enterprise is shown by default
Select the enterprise, and then optionally click the first icon to show organizations, or the second to show workspaces, at the enterprise level of scope.
When you select a displayed organization or workspace, the picker changes to that level of scope, and you can continue to use the icons to descend the scope hierarchy. Use the back button to step up a level of scope hierarchy, and use the Filter by field to search through the currently displayed results.
Once you have located the enterprise, organization, or workspace you want to use as the scope for this policy, select it and then click OK
Optionally, choose one or more users. Select the Users tab, and click Add to add a user. The Users picker opens. Use the Search field to find users based on name or e-mail address.
Tip:
Search with an empty field to return a list of all users.When you locate a user you want to add, select it and click Add. The user appears in the list on the Users tab. Repeat this process to add additional users. Select a user and click Remove on the Users tab to remove a user from the list
Optionally, choose one or more groups. Select the Groups tab, and click Add to add a group. The Groups picker opens. Use the Search field to find groups based on name.
Tip:
Search with an empty field to return a list of all users.When you locate a group you want to add, select it and click Add. The group appears in the list on the Groups tab. Repeat this process to add additional groups. Select a user and click Remove on the Groups tab to remove a group from the list
Click Apply to save your changes without closing the New Audit Policy window, or click Save and Close to save your changes and close the window.
Your new policy appears in the list in the Policies tab
Once an Audit Policy has been put in place, events will be generated and recorded to the database Audit Repository. The act of creating an audit policy also enables that policy immediately.
To see active audit policies using beectl
, use the
command:beectl
list_audit_policies
beectl> list_audit_policies [--name <Name of the audit policy>] [--container <Container identifier>]
Optionally, you can provide a name, container, or both, to list only those policies with the name or applied to the context of the container.
Note:
One audit policy is seeded at install: theAudit Management
policy, which audits all Audit management related events.You can modify existing audit policies with beectl
using the
command:beectl
modify_audit_policy
beectl> modify_audit_policy --policy <Audit policy identifier> --file <full path to the policy xml file>
Note:
You may not change the audit template of an existing audit policy. You must create a new audit policy to apply the policy on a different container, or to use another audit template.If you make changes to an existing audit template, that will only apply to new policies you create with the template after it is updated. Existing policies will not be updated with changes made to an audit template.
You can modify existing audit policies using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Policies tab. All existing audit policies are listed
Select a policy from the list. Its details are shown in the lower pane. Using the General, Users, and Groups tabs, make your desired changes
Click Apply to apply your changes to the audit policy, or click Reset to revert to the currently-saved version of the policy
You can disable active audit policies, and re-enable inactive audit policies. This allows you to easily turn audit on and off at a granular level. To enable or disable an active audit policy using beectl
, use the
command with the beectl
modify_audit_policy--enable
option:
beectl> modify_audit_policy --policy <Audit policy identifier> --file <full path to the policy xml file> --enable [true|false]
You still must provide a path to the policy file, but if you do not wish to modify the content of the audit policy, you should reference the file originally used to create the audit policy.
You can disable and enable audit policies using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Policies tab. All existing audit policies are listed
Select an audit policy, and in the lower pane, on the General tab, select or de-select the Enabled check box to enable or disable the policy. Click Apply to apply your change. The policy is enabled or disabled.
You can delete an existing audit policy with beectl
by using the
command:beectl
delete_audit_policy
beectl> delete_audit_policy --policy <Audit policy identifier>
You can get the audit policy's identifier by using the
command.beectl
list_audit_policies
You can delete an existing audit policy with Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Policies tab. All existing audit policies are listed
Select the policy you want to delete, and click Delete. In the confirmation box, click OK. The policy is deleted
Example 14-1, "Simple Audit Policy" demonstrates a simple audit policy XML file that creates a policy sourcing the Audit management events
template, and raises events in the context of the two users listed.
Example 14-1 Simple Audit Policy
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AuditPolicyInfo> <name>Audit Management Policy</name> <description>Sample test policy</description> <template>Audit management events</template> <actor add='true' id='user=user1'/> <actor add='true' id='user=user2'/> </AuditPolicyInfo>
In this example, since no scope was specified, all events specified in the Audit management events
audit template will be audited for both of the specified users. Actors can be users or groups.
Note that there is an attribute of the <actor>
element called "add
", which in this example is set to "true
". When you modify an audit policy, you can provide an <actor>
element and set this attribute to "false
" to delete the actor from the modified audit policy. When you modify an audit policy, set this value to "true" to either add a new actor, or to modify an existing actor.
Once you have enabled auditing (by creating one or more audit policies), audit information accumulates in the Audit Repository. You can view selection of this data by running an audit trail. An audit trail is a query against the Audit Repository.
This section contains the following topics:
You can list existing audit trails with beectl
by using the beectl list_audit_trails
command:
beectl> list_audit_trails [--name <Name of the audit trail>]
You can list details about a specific audit trail by using the --name
option to reference the audit trail.
You can list existing audit trails with Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
To create an audit trail using beectl
, begin by creating an XML file for your audit trail.
An example audit trail file is located in your Oracle Beehive install folder, in the templates subfolder: ORACLE_HOME/beehive/templates/audit/trail_ex.xml
.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AuditTrailInfo> <name>Trail Name</name> <description>Trail description</description> <actor>Collab ID of actor</actor> <actor>user=sample.id</actor> <entity>Collab ID of entity</entity> <startTime>Start Time predicate</startTime> <endTime>End Time predicate</endTime> <serviceName>Service Name</serviceName> <userName>User Name</userName> <activity>Type of Activity (CREATE, DELETE, ETC)</activity> <eventType>Event Type</eventType> <predicate>Predicate Type (all, any)</predicate> </AuditTrailInfo
Add a new audit trail by using the beectl add_audit_trail
command, referencing your XML file:
beectl> add_audit_trail --file <Full path of the input file>
To create an audit trail using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Click New. The New Audit Trail window opens
Enter a name and description for the new trail
Optionally, pick a Start Time and/or End Time. These options specify a range of dates and times for which you want to see audit records. If you leave these fields blank, records from all dates and times will be returned
Optionally, use the Actor Filter tab to specify one or more actors for whom you want to see audit records. Click the Actor Filter tab, click Add to open the Users window, and then search for actors. Select an actor and click Add to add it to the list in the Actor Filter tab. Only those records created by actions from the actors listed in the Actor Filter tab will be returned
Optionally, use the Entity Filter tab to specify one or more entities (audit templates and policies) for which you want to see audit records. Click the Entity Filter tab, click Add to open the Audited Entity Picker, and then search for entities. Select an entity and click Add to add it to the list in the Entity Filter tab. Only audit records for the entities listed in the Entity Filter tab will be returned.
Optionally, use the Cumulative Member Records tab to specify additional individual audit records for the audit trail, or to remove records that are already matched by the audit trail.
The Cumulative Member Records tab lets you select records that do not otherwise match the audit trail filter criteria, and add them to the audit trail. Click the Cumulative Member Records tab, click Add to open the Audit Record Picker, and then search for records. Select a record and click Add to add it to the list in the Cumulative Member Records tab.
Remove records from the trail by selecting them in the Cumulative Member Records list, and then clicking Remove.
Click Apply to save your changes without closing the New Audit Trail window, or click Save and Close to save your changes and close the window.
Your new trail appears in the list in the Trails tab
To modify an existing audit trail using beectl
, edit the XML file used to create the audit trail, and then reference it with the
command:beectl
modify_audit_trail
beectl> modify_audit_trail --trail <Audit trail identifier> --file <Full path of the input file>
To modify an existing audit trail using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Select a trail from the list. In the lower pane, you can make edits to the trail. When you have finished making changes, click Apply to update the audit trail, or click Reset to revert to the saved version of the audit trail without making changes to it.
You can run an audit trail (like running a query), which extracts the data specified by the trail to a file.
To export the data using beectl
, use the beectl export_audit_trail
command, specifying the audit trail and a file for the output:
beectl export_audit_trail --trail <Audit trail identifier> --file <Full path of the output file>
You can export the data using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Select a trail from the list
Click the Export button, and then choose a filename and location. The audit trail records are saved as an XML-formatted file.
You can validate an audit trail to ensure that there are no errors.
To validate an audit trail using beectl
, use the beectl validate_audit_trail
command:
beectl validate_audit_trail --trail <Audit trail identifier> [--count <Maximum number of audit records to print>]
To validate an audit trail using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Select one or more trails from the list
Click the Validate button. A dialog box opens to indicate whether valid records were found for the selected audit trails.
You can delete an audit trail using beectl
, by using the
command:beectl
delete_audit_trail
beectl delete_audit_trail --trail <Audit trail identifier>
To delete an audit trail using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Select one or more trails from the list
Click the Delete button, and click OK in the confirmation dialog box. The selected trails are deleted.
The following is an XML file used to create an example audit trail, and an example of the exported audit data based on that trail.
Example 14-3 shows two example audit records included in an exported audit trail.
Example 14-3 Example Exported Audit Trail Data
<?xml version="1.0" encoding="utf-8"?> <AuditTrail> <name>update_trail_name1221015531621640000</name> <description>Updated description</description> <createdOn>2008-09-10T02:58:49.212</createdOn> <modifiedOn>2008-09-10T02:58:53.004</modifiedOn> <recordCount>5251</recordCount> <records> <event name="ACCOUNT_LOGIN_SUCCEEDED"> <InstanceId>BEEFIX.srv.example.com</InstanceId> <HomeInstance>BEEFIX.srv.example.com</HomeInstance> <HostId>srv.example.com</HostId> <HostNwaddr>srv.example.com</HostNwaddr> <OracleHome>/private/jdoe/product/b1.0.4/beefix</OracleHome> <OrgId>26703</OrgId> <ComponentId>23333</ComponentId> <HostingClientId>null</HostingClientId> <ClientOS>null</ClientOS> <RemoteIP>null</RemoteIP> <ModuleId>ocs</ModuleId> <ProcessId>ocs</ProcessId> <ThreadId>0</ThreadId> <UpstreamComponentId>OCSAPP</UpstreamComponentId> <DownstreamComponentId>OCSCORE</DownstreamComponentId> <ECID>684F:5B25:aurc:54131E861EC8CC82E040578C9B9A7310000000008621</ECID> <SessionId>476</SessionId> <LogonTime>2008-09-09T18:38:04.000</LogonTime> <AuthenticationMethod>PLAIN</AuthenticationMethod> <ApplicationName>LOGON</ApplicationName> <EventType>ACCOUNT_LOGIN_SUCCEEDED</EventType> <EventCategory>LOGIN</EventCategory> <EventStatus>SUCCESS</EventStatus> <TstzOriginating>2008-09-10T01:38:04.184</TstzOriginating> <ComponentName>LOGON</ComponentName> <Initiator>user=beeadmin</Initiator> <UserName>beeadmin</UserName> <MessageText>null</MessageText> <FailureCode>SUCCESS</FailureCode> <Target>enpr=Example</Target> <Resource>enpr=Example</Resource> <Roles>principal=beeadmin</Roles> <UserSession>684F:5B25:pcpl:C57ACA07B48D48499CE221AA5F0F01E8000000000002</UserSession> <PrincipalType>PRIM</PrincipalType> <Information>{{SOURCE: }}; {{TARGET: }}</Information> </event> <event name="ACCOUNT_LOGIN_SUCCEEDED"> <InstanceId>BEEFIX.srv.example.com</InstanceId> <HomeInstance>BEEFIX.srv.example.com</HomeInstance> <HostId>srv.example.com</HostId> <HostNwaddr>srv.example.com</HostNwaddr> <OracleHome>/private/jdoe/product/b1.0.4/beefix</OracleHome> <OrgId>26703</OrgId> <ComponentId>23333</ComponentId> <HostingClientId>null</HostingClientId> <ClientOS>null</ClientOS> <RemoteIP>null</RemoteIP> <ModuleId>ocs</ModuleId> <ProcessId>ocs</ProcessId> <ThreadId>0</ThreadId> <UpstreamComponentId>OCSAPP</UpstreamComponentId> <DownstreamComponentId>OCSCORE</DownstreamComponentId> <ECID>684F:5B25:aurc:54131E861EC8CC82E040578C9B9A7310000000008623</ECID> <SessionId>477</SessionId> <LogonTime>2008-09-09T18:38:05.000</LogonTime> <AuthenticationMethod>PLAIN</AuthenticationMethod> <ApplicationName>LOGON</ApplicationName> <EventType>ACCOUNT_LOGIN_SUCCEEDED</EventType> <EventCategory>LOGIN</EventCategory> <EventStatus>SUCCESS</EventStatus> <TstzOriginating>2008-09-10T01:38:04.570</TstzOriginating> <ComponentName>LOGON</ComponentName> <Initiator>user=beeadmin</Initiator> <UserName>beeadmin</UserName> <MessageText>null</MessageText> <FailureCode>SUCCESS</FailureCode> <Target>enpr=Example</Target> <Resource>enpr=Example</Resource> <Roles>principal=beeadmin</Roles> <UserSession>684F:5B25:pcpl:C57ACA07B48D48499CE221AA5F0F01E8000000000002</UserSession> <PrincipalType>PRIM</PrincipalType> <Information>{{SOURCE: }}; {{TARGET: }}</Information> </event> </records> </AuditTrail>
This reference section lists all of the audit events included in each audit event category.
Access Control Events
Table 14-2 lists auditable events related to access control.
Table 14-2 Access Control Events
Event Subcategory | Events |
---|---|
ASSIGNED_ROLE_ASYNC_EVENTS |
ASSIGNED_ROLE_DELETED ASSIGNED_ROLE_UPDATED ASSIGNED_ROLE_CREATED |
DELEGATED_ROLE_ASYNC_EVENTS |
DELEGATED_ROLE_UPDATED DELEGATED_ROLE_CREATED DELEGATED_ROLE_DELETED |
ROLE_DEFINITION_ASYNC_EVENTS |
ROLE_DEFINITION_UPDATED ROLE_DEFINITION_CREATED ROLE_DEFINITION_DELETED |
SENSITIVITY_ASYNC_EVENTS |
SENSITIVITY_DELETED SENSITIVITY_CREATED SENSITIVITY_UPDATED |
Address Book Events
Table 14-3 lists auditable events related to address books.
Table 14-3 Address Book Events
Event Subcategory | Events |
---|---|
ADDRESSBOOK_ASYNC_EVENTS |
ADDRESSBOOK_MOVED ADDRESSBOOK_UNDELETED ADDRESSBOOK_CREATED ADDRESSBOOK_DELETED ADDRESSBOOK_UPDATED |
PERSON_CONTACT_ASYNC_EVENTS |
PERSON_CONTACT_DELETED PERSON_CONTACT_CREATED PERSON_CONTACT_UNDELETED PERSON_CONTACT_UPDATED PERSON_CONTACT_MOVED |
RESOURCE_CONTACT_ASYNC_EVENTS |
RESOURCE_CONTACT_UPDATED RESOURCE_CONTACT_CREATED RESOURCE_CONTACT_DELETED RESOURCE_CONTACT_MOVED RESOURCE_CONTACT_UNDELETED |
Artifact Events
Table 14-4 lists auditable events related to artifacts.
Table 14-4 Artifact Events
Event Subcategory | Events |
---|---|
ANNOUNCEMENT_ASYNC_EVENTS |
ANNOUNCEMENT_DELETED ANNOUNCEMENT_UPDATED ANNOUNCEMENT_UNDELETED ANNOUNCEMENT_ARCHIVED ANNOUNCEMENT_CREATED |
BOND_ASYNC_EVENTS |
BOND_DELETED BOND_CREATED BOND_UPDATED |
CATEGORY_ASYNC_EVENTS |
CATEGORY_REMOVED CATEGORY_APPLIED CATEGORY_DELETED CATEGORY_CREATED CATEGORY_UPDATED |
DFDRAFT_ASYNC_EVENTS |
DFDRAFT_MOVED DFDRAFT_UPDATED DFDRAFT_UNDELETED DFDRAFT_CREATED DFDRAFT_ARCHIVED DFDRAFT_DELETED |
DOCUMENT_ASYNC_EVENTS |
DOCUMENT_DELETED DOCUMENT_UPDATED DOCUMENT_CHECKEDIN DOCUMENT_MOVED DOCUMENT_WORKING_COPY_UPDATED DOCUMENT_CHECKOUT_CANCELLED DOCUMENT_CREATED DOCUMENT_UNDELETED DOCUMENT_CHECKEDOUT DOCUMENT_ARCHIVED |
ENTITY_LOCK_ASYNC_EVENTS |
ENTITY_LOCKED ENTITY_UNLOCKED |
EXTERNAL_ARTIFACT_ASYNC_EVENTS |
EA_CREATED EA_DELETED EA_UPDATED |
FOLDER_ASYNC_EVENTS |
FOLDER_MOVED FOLDER_UNDELETED FOLDER_ARCHIVED FOLDER_UPDATED FOLDER_CREATED FOLDER_DELETED |
FORUM_ASYNC_EVENTS |
FORUM_MOVED FORUM_CREATED FORUM_UNDELETED FORUM_ARCHIVED FORUM_DELETED FORUM_UPDATED |
LABEL_ASYNC_EVENTS |
LABEL_APPLIED LABEL_REMOVED LABEL_CREATED LABEL_DELETED LABEL_UPDATED |
LINK_ASYNC_EVENTS |
LINK_DELETED LINK_COPIED LINK_CREATED LINK_MOVED LINK_UPDATED LINK_UNDELETED |
LOCK_ASYNC_EVENTS |
ENTITY_LOCKED LOCK_UPDATED ENTITY_UNLOCKED |
NOTIFICATION_EVENTS |
|
TOPIC_ASYNC_EVENTS |
TOPIC_ARCHIVED TOPIC_MOVED TOPIC_DELETED TOPIC_CREATED TOPIC_UNDELETED TOPIC_UPDATED |
Table 14-5 lists auditable events in the sub-category of Notification events.
Table 14-5 Notification Events
Event Subcategory | Events |
---|---|
NOTIFICATION_ASYNC_EVENTS |
NOTIFICATION_CREATED NOTIFICATION_UPDATED NOTIFICATION_DELETED |
NOTIFICATION_SCHEMA_ASYNC_EVENTS |
NOTIFICATION_SCHEMA_DELETED NOTIFICATION_SCHEMA_CREATED NOTIFICATION_SCHEMA_UPDATED |
Audit Events
Table 14-6 lists auditable events related to each audit event category.
Table 14-6 Audit Events
Event Subcategory | Events |
---|---|
AUDIT_ASYNC_EVENTS |
AUDIT_TRAIL_DELETED AUDIT_TEMPLATE_DELETED AUDIT_TRAIL_UPDATED AUDIT_TEMPLATE_CREATED AUDIT_POLICY_DELETED AUDIT_POLICY_CREATED AUDIT_TEMPLATE_UPDATED AUDIT_POLICY_ENABLED AUDIT_POLICY_UPDATED AUDIT_TRAIL_CREATED AUDIT_POLICY_DISABLED |
AUDIT_ASYNC_FAILED_EVE |
AUDIT_POLICY_CREATE_FAILED AUDIT_TRAIL_UPDATE_FAILED AUDIT_TRAIL_CREATE_FAILED AUDIT_TRAIL_DELETE_FAILED AUDIT_TEMPLATE_UPDATE_FAILED AUDIT_POLICY_DELETE_FAILED AUDIT_TEMPLATE_CREATE_FAILED AUDIT_POLICY_UPDATE_FAILED AUDIT_TEMPLATE_DELETE_FAILED AUDIT_POLICY_DISABLE_FAILED AUDIT_POLICY_ENABLE_FAILED |
BPEL Task Events
Table 14-7 lists auditable events related to BPEL tasks.
Table 14-7 BPEL Task Events
Event Subcategory | Events |
---|---|
BPEL_TASK_ASYNC_EVENTS |
BPEL_TASK_ASSIGNED BPEL_TASK_COMPLETED BPEL_TASK_UPDATED |
Calendar Events
Table 14-8 lists auditable events related to calendars.
Table 14-8 Calendar Events
Event Subcategory | Events |
---|---|
CALENDAR_ASYNC_EVENTS |
CALENDAR_ADDED CALENDAR_REMOVED CALENDAR_UPDATED |
DEFAULT_REMINDER_ASYNC_EVENTS |
DEFAULT_REMINDER_ADDED DEFAULT_REMINDER_REMOVED DEFAULT_REMINDER_UPDATED |
INVITATION_ASYNC_EVENTS |
INVITATION_ADDED INVITATION_REMOVED INVITATION_UPDATED |
OCCURRENCE_ASYNC_EVENTS |
OCCURRENCE_ADDED OCCURRENCE_REMOVED OCCURRENCE_UPDATED |
REMINDER_ASYNC_EVENTS |
REMINDER_ADDED REMINDER_REMOVED REMINDER_UPDATED |
RESOURCE_ASYNC_EVENTS |
RESOURCE_CREATED RESOURCE_DELETED RESOURCE_UPDATED |
TASKLIST_ASYNC_EVENTS |
TASKLIST_ADDED TASKLIST_REMOVED TASKLIST_UPDATED |
TODO_ASYNC_EVENTS |
TODO_ADDED TODO_REMOVED TODO_UPDATED |
Client Application Events
Table 14-9 lists auditable events related to client applications.
Table 14-9 Client Application Events
Event Subcategory | Events |
---|---|
CLIENT_APPLICATION_ASYNC_EVENTS |
CLIENT_APPLICATION_CREATED CLIENT_APPLICATION_DELETED |
CLIENT_APPLICATION_PATCHSET_ASYNC_EVENTS |
CLIENT_APPLICATION_PATCHSET_DELETED CLIENT_APPLICATION_PATCHSET_CREATED |
CLIENT_APPLICATION_PROV_UPDATED |
CLIENT_APPLICATION_PROV_UPDATED |
CLIENT_APPLICATION_VERSION_ASYNC_EVENTS |
CLIENT_APPLICATION_VERSION_DELETED CLIENT_APPLICATION_VERSION_CREATED |
Device Management Events
Table 14-10 lists auditable events related to device management.
Table 14-10 Device Management Events
Event Subcategory | Events |
---|---|
DEVICE_ASYNC_EVENTS |
DEVICE_CREATED DEVICE_DELETED DEVICE_UPDATED |
DEVICE_PROFILE_ASYNC_EVENTS |
DEVICE_PROFILE_UPDATED DEVICE_PROFILE_CREATED DEVICE_PROFILE_DELETED |
DEVICE_TYPE_ASYNC_EVENTS |
DEVICE_TYPE_DELETED DEVICE_TYPE_CREATED DEVICE_TYPE_UPDATED |
Enterprise Events
Table 14-11 lists auditable events related to Enterprises.
Table 14-11 Enterprise Events
Event Subcategory | Events |
---|---|
ENTERPRISE_ASYNC_EVENTS |
ENTERPRISE_ARCHIVEPURGED ENTERPRISE_DELETED ENTERPRISE_UPDATED ENTERPRISE_CREATED |
LDAP Sync Profile Events
Table 14-12 lists auditable events related to LDAP sync profiles.
Table 14-12 LDAP Sync Profile Events
Event Subcategory | Events |
---|---|
LDAP_SYNC_PROFILE_ASYNC_EVENTS |
LDAP_SYNC_PROFILE_DELETED LDAP_SYNC_PROFILE_CREATED |
Message Events
Table 14-13 lists auditable events related to messages.
Table 14-13 Message Events
Event Subcategory | Events |
---|---|
DISCUSSION_MESSAGE_ASYNC_EVENTS |
DISCUSSION_MESSAGE_ARCHIVED DISCUSSION_MESSAGE_DELETED DISCUSSION_MESSAGE_UPDATED DISCUSSION_MESSAGE_CREATED DISCUSSION_MESSAGE_MOVED |
ES_ASYNC_EVENTS |
ES_MSG_MOVED ES_MSG_DELETED ES_MSG_UNDELETED ES_MSG_DELIVERED ES_MSG_UPDATED ES_MSG_ADDED |
FAX_MESSAGE_ASYNC_EVENTS |
FAX_MESSAGE_UPDATED FAX_MESSAGE_MOVED FAX_MESSAGE_DELETED FAX_MESSAGE_COPIED FAX_MESSAGE_CREATED |
IMS_ASYNC_EVENTS |
[IMS_OFFLINE_MSG_ADDED IMS_OFFLINE_MSG_DELETED IMS_OFFLINE_MSG_MOVED IMS_OFFLINE_MSG_UNDELETED |
MESSAGE_DELIVERY_ASYNC_EVENTS |
MESSAGE_DELIVERY_STATUS_UPDATED MESSAGE_DELIVERY_STATUS_DELETED MESSAGE_DELIVERY_STATUS_CREATED |
NOTIFICATION_EVENTS |
|
VOICE_MESSAGE_ASYNC_EVENTS |
VOICE_MESSAGE_MOVED VOICE_MESSAGE_CREATED VOICE_MESSAGE_UPDATED VOICE_MESSAGE_DELETED VOICE_MESSAGE_COPIED |
Organization Events
Table 14-14 lists auditable events related to Organizations.
Table 14-14 Organization Events
Event Subcategory | Events |
---|---|
ORGANIZATION_ASYNC_EVENTS |
ORGANIZATION_ARCHIVED ORGANIZATION_UPDATED ORGANIZATION_CREATED ORGANIZATION_DELETED |
Policy Subscription Events
Table 14-15 lists auditable events related to policies and subscriptions.
Table 14-15 Policy Subscription Events
Event Subcategory | Events |
---|---|
POLICY_ASYNC_EVENTS |
POLICY_UPDATED POLICY_DELETED POLICY_CREATED |
SUBSCRIPTION_ASYNC_EVENTS |
SUBSCRIPTION_UPDATED SUBSCRIPTION_ENABLED SUBSCRIPTION_DELETED SUBSCRIPTION_DISABLED SUBSCRIPTION_CREATED |
SUBSCRIPTION_TEMPLATE_ASYNC_EVENTS |
SUBSCRIPTION_TEMPLATE_CREATED SUBSCRIPTION_TEMPLATE_DELETED SUBSCRIPTION_TEMPLATE_UPDATED |
Records Management Events
Table 14-16 lists auditable events related to Records Management.
Table 14-16 Records Management Events
Event Subcategory | Events |
---|---|
RM_ASYNC_EVENTS |
RECORD_UNFILED RECORD_FILED RECORD_DISP_PROC_STEP_SUCCEEDED RECORD_PURGED |
RM_ASYNC_FAILED_EVENTS |
RECORD_CREATE_FAILED RECORD_DELETE_FAILED RECORD_PURGE_FAILED RECORD_DISP_PROC_STEP_FAILED |
Search Events
Table 14-17 lists auditable events related to search.
Table 14-17 Search Events
Event Subcategory | Events |
---|---|
SEARCH_ASYNC_EVENTS |
SEARCH_FINISHED SEARCH_STARTED |
Security Events
Table 14-19 lists auditable events related to security.
Table 14-18 Security Events
Event Subcategory | Events |
---|---|
ACCOUNT_ASYNC_EVENTS |
ACCOUNT_LOGIN_SUCCEEDED ACCOUNT_LOGOUT_SUCCEEDED ACCOUNT_LOCKED |
ACCOUNT_ASYNC_FAILED_EVENTS |
ACCOUNT_LOGIN_FAILED |
CREDENTIAL_ASYNC_EVENTS |
CREDENTIAL_DELETED CREDENTIAL_EXPIRED CREDENTIAL_RESET CREDENTIAL_UPDATED CREDENTIAL_CREATED |
CREDENTIAL_ASYNC_FAILED_EVENTS |
CREDENTIAL_DELETE_FAILED CREDENTIAL_CREATE_FAILED CREDENTIAL_UPDATE_FAILED CREDENTIAL_RESET_FAILED |
Service Configuration Update Events
Table 14-19 lists auditable events related to Service configuration updates.
Table 14-19 Service Configuration Update Events
Event Subcategory | Events |
---|---|
SERVICE_CONFIG_UPDATED |
SERVICE_CONFIG_UPDATED |
System Events
Table 14-20 lists auditable events related to the core Oracle Beehive system.
Table 14-20 System Events
Event Subcategory | Events |
---|---|
INSTANCE_START_STOP_ASYNC_EVENTS |
INSTANCE_STARTED INSTANCE_STOPPED |
SYSTEM_START_STOP_ASYNC_EVENTS |
SERVICE_STOPPED INSTANCE_STOPPED SERVICE_STARTED INSTANCE_STARTED |
Time Management Events
Table 14-21 lists auditable events related to time management.
Table 14-21 Time Management Events
Event Subcategory | Events |
---|---|
TM_SUBSCRIPTION_ASSIGNMENT_ASYNC_EVENTS |
TM_SUBSCRIPTION_ASSIGNMENT_INDIRECTLY_DELETED TM_SUBSCRIPTION_ASSIGNMENT_INDIRECTLY_UPDATED TM_SUBSCRIPTION_ASSIGNMENT_NEW_OR_TIME_UPDATED |
TM_SUBSCRIPTION_INVITATION_ASYNC_EVENTS |
TM_SUBSCRIPTION_INVITATION_INDIRECTLY_DELETED TM_SUBSCRIPTION_INVITATION_INDIRECTLY_UPDATED TM_SUBSCRIPTION_INVITATION_NEW_OR_RESCHED |
TM_SUBSCRIPTION_INVITATION_SERIES_ASYNC_EVENTS |
TM_SUBSCRIPTION_INVITATION_SERIES_INDIRECTLY_DELETED TM_SUBSCRIPTION_INVITATION_SERIES_INDIRECTLY_UPDATED TM_SUBSCRIPTION_INVITATION_SERIES_NEW_OR_RESCHED |
TM_SUBSCRIPTION_OCCURRENCE_ASYNC_EVENTS |
TM_SUBSCRIPTION_OCCURRENCE_RESOURCE_PARTICIPANT_INDIRECTLY_UPDATED TM_SUBSCRIPTION_OCCURRENCE_USER_PARTICIPANT_INDIRECTLY_UPDATED |
TM_SUBSCRIPTION_TODO_PARTICIPANT_INDIRECTLY_UPDATED |
TM_SUBSCRIPTION_TODO_PARTICIPANT_INDIRECTLY_UPDATED |
TM_TIMEZONE_DEFINITION_UPDATED |
TM_TIMEZONE_DEFINITION_UPDATED |
TM_WORKFLOW_ASYNC_EVENTS |
TM_WORKFLOW_ASSIGNMENT_APPROVED TM_WORKFLOW_ASSIGNMENT_REJECTED |
User Management Events
Table 14-22 lists auditable events related to user management.
Table 14-22 User Management Events
Event Subcategory | Events |
---|---|
EXTERNAL_PERSON_ASYNC_EVENTS |
EXTERNAL_PERSON_PURGED EXTERNAL_PERSON_CREATED EXTERNAL_PERSON_DELETED EXTERNAL_PERSON_UPDATED |
GROUP_ASYNC_EVENTS |
GROUP_UPDATED GROUP_PURGED GROUP_DELETED GROUP_CREATED GROUP_UNDELETED |
USER_ASYNC_EVENTS |
USER_UPDATED USER_DELETED USER_PURGED USER_CREATED |
Workspace Events
Table 14-2 lists auditable events related to Workspaces.
Table 14-23 Workspace Events
Event Subcategory | Events |
---|---|
VERS_CFG_ASYNC_EVENTS |
VERS_CFG_DELETED VERS_CFG_UPDATED VERS_CFG_CREATED |
WORKSPACE_ASYNC_EVENTS |
WORKSPACE_PURGED WORKSPACE_CREATED WORKSPACE_ARCHIVED WORKSPACE_DELETED WORKSPACE_UPDATED |
WORKSPACE_QUOTA_ASYNC_EVENTS |
WORKSPACE_HQUOTA_OVERFLOW WORKSPACE_SQUOTA_OVERFLOW |
XMPP Events
Table 14-24 lists auditable events related to XMPP messaging.