| Oracle® Beehive Administrator's Guide Release 2 (2.0.1.8) Part Number E16648-07 |
|
|
PDF · Mobi · ePub |
| Oracle® Beehive Administrator's Guide Release 2 (2.0.1.8) Part Number E16648-07 |
|
|
PDF · Mobi · ePub |
Oracle Beehive includes a comprehensive auditing framework which allows you to record the activities of users, the disposition of artifacts, and the operation of the system.
This module contains the following topics:
Oracle Beehive includes an Audit Service, which performs the function of writing audit information to the Audit Repository, in the Oracle Beehive database. The Audit Service records a selection of information, as defined by audit policies and templates. Policies and templates, in turn, define which events will be recorded by the Audit Service.
In Oracle Beehive, auditing is for activity tracking and recording. Auditing allows you to track and record the activities of users and administrators as they perform actions in the system. These activities include logging on and off, creating, modifying, or deleting content, altering system configuration parameters, starting and stopping processes, and so forth. The goal is to provide a framework for keeping tabs on who does what to the system.
An audit record contains information about who (what user or users), what (what artifacts, services, or interfaces), where (what scope or context), when (a date/time stamp), and how (what client or interface, what command).
The Audit Service depends upon system events to trigger audit policies, causing a record to be written to the Audit Repository.
You can manage audit functions from either the beectl command line, or from Oracle Beekeeper. To manage auditing in Oracle Beekeeper, you must log in with sufficient privileges. The AUDIT_ADMIN privilege allows you to configure audit policy, while the AUDITOR privilege allows you to read audit logs.
By default, all Administrator-controlled auditing functions are turned off.
Note:
Records Management related events are always audited. You cannot turn on or off auditing of these events. For more information about Records Management in Oracle Beehive, see Chapter 7, "Integrating Oracle Universal Records Management (Oracle URM) with Oracle Beehive" in the Oracle Beehive Integration Guide.For more information about privileges, see "Managing Privileges".
The audit framework makes use of a subset of the Oracle Beehive business events, called the audit events. Audit events trigger auditing actions whenever they fit the criteria specified in an active audit policy.
You can review a list all of various categories of audit events by using the beectl list_events
beectl> list_events
This command lists the audit event categories, and their identifiers.
Note:
By default, no event is raised when an Oracle Beehive user sends an e-mail message. You can enable sent e-mail events, and thereby enable auditing of sent e-mails. To do so, follow the instructions in "Configuring Sent E-mail Plugins".For more information about business events in Oracle Beehive, see: Chapter 11, "Managing Oracle Beehive Events and Policies".
By default, certain events related to the Time Management Service are disabled. These events will not be audited when they occur unless you enable them. See "Disabled Events" for a list of the disabled events.
If you want to audit any of these events, you must enable them by changing the EnableGenericClassOfTMBusinessEvents property of the Time Management Service. See Chapter 4, "Oracle Beehive Parameter Reference," in the Oracle Beehive Administrator's Reference Guide
An audit policy combines a collection of events to be audited with a scope, to define what will be audited. Scope can be user-focused, such as a user or group, or it can be a container, such as the enterprise, or one or more organizations, workspaces, or folders. Once you create an audit policy, the system begins to record events that match the policy in the Audit Repository.
Once you have created audit policies, data is written to the Audit Repository. An audit trail is a view or report of some portion of that data. You can create and configure audit trails to include only the specific data you are interested in. You can think of an audit trail as a query of the Audit Repository.
An audit policy combines audit templates (which specify events) with a context. In this case, context includes any combination of:
The enterprise, or one or more organizations or workspaces or both
One or more users
One or more groups
An audit policy is a definition of rules and actions that determine which events should be recorded in the audit repository.
An audit policy dictates when the events in an audit template should be recorded in the Audit Repository. You can create many audit policies to suit your organization's requirements.
This section contains the following topics:
You can create a new audit policy as an XML file, and then use the beectl add_audit_policy
beectl> add_audit_policy --file <full path to the policy xml file>
The Audit Policy XML file used for setting audit context references an audit template you specify, and allows you to set the policy to either a level of scope (user, organization, or enterprise), or a level of the content hierarchy, such as an individual entity, folder, or workspace. If you do not reference any context (no scope is referenced, and no actor or content directive is used), then the scope is assumed to be global, and the events referenced in the audit template will be raised for ALL contexts (user or content) where that activity occurs.
You can also create a new audit policy using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Policies tab. All existing audit policies are listed
Click New. The New Audit Policy window opens
Enter a name and description for the new audit policy
Choose an audit template to use from the Template picker
Optionally, choose a scope from the Scope picker:
Click on the Scope picker icon to open the Scope picker window. The enterprise is shown by default
Select the enterprise, and then optionally click the first icon to show organizations, or the second to show workspaces, at the enterprise level of scope.
When you select a displayed organization or workspace, the picker changes to that level of scope, and you can continue to use the icons to descend the scope hierarchy. Use the back button to step up a level of scope hierarchy, and use the Filter by field to search through the currently displayed results.
Once you have located the enterprise, organization, or workspace you want to use as the scope for this policy, select it and then click OK
Optionally, choose one or more users. Select the Users tab, and click Add to add a user. The Users picker opens. Use the Search field to find users based on name or e-mail address.
Tip:
Search with an empty field to return a list of all users.When you locate a user you want to add, select it and click Add. The user appears in the list on the Users tab. Repeat this process to add additional users. Select a user and click Remove on the Users tab to remove a user from the list
Optionally, choose one or more groups. Select the Groups tab, and click Add to add a group. The Groups picker opens. Use the Search field to find groups based on name.
Tip:
Search with an empty field to return a list of all users.When you locate a group you want to add, select it and click Add. The group appears in the list on the Groups tab. Repeat this process to add additional groups. Select a user and click Remove on the Groups tab to remove a group from the list
Click Apply to save your changes without closing the New Audit Policy window, or click Save and Close to save your changes and close the window.
Your new policy appears in the list in the Policies tab
Once an Audit Policy has been put in place, events will be generated and recorded to the database Audit Repository. The act of creating an audit policy also enables that policy immediately.
To see active audit policies using beectl, use the beectl list_audit_policies
beectl> list_audit_policies [--name <Name of the audit policy>] [--container <Container identifier>]
Optionally, you can provide a name, container, or both, to list only those policies with the name or applied to the context of the container.
Note:
One audit policy is seeded at install: the
Audit Management policy, which audits all Audit management related events.You can modify existing audit policies with beectl using the beectl modify_audit_policy
beectl> modify_audit_policy --policy <Audit policy identifier> --file <full path to the policy xml file>
Note:
You may not change the audit template of an existing audit policy. You must create a new audit policy to apply the policy on a different container, or to use another audit template.If you make changes to an existing audit template, that will only apply to new policies you create with the template after it is updated. Existing policies will not be updated with changes made to an audit template.
You can modify existing audit policies using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Policies tab. All existing audit policies are listed
Select a policy from the list. Its details are shown in the lower pane. Using the General, Users, and Groups tabs, make your desired changes
Click Apply to apply your changes to the audit policy, or click Reset to revert to the currently-saved version of the policy
You can disable active audit policies, and re-enable inactive audit policies. This allows you to easily turn audit on and off at a granular level. To enable or disable an active audit policy using beectl, use the beectl modify_audit_policy--enable option:
beectl> modify_audit_policy --policy <Audit policy identifier> --file <full path to the policy xml file> --enable [true|false]
You still must provide a path to the policy file, but if you do not wish to modify the content of the audit policy, you should reference the file originally used to create the audit policy.
You can disable and enable audit policies using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Policies tab. All existing audit policies are listed
Select an audit policy, and in the lower pane, on the General tab, select or de-select the Enabled check box to enable or disable the policy. Click Apply to apply your change. The policy is enabled or disabled.
You can delete an existing audit policy with beectl by using the beectl delete_audit_policy
beectl> delete_audit_policy --policy <Audit policy identifier>
You can get the audit policy's identifier by using the beectl list_audit_policies
You can delete an existing audit policy with Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Policies tab. All existing audit policies are listed
Select the policy you want to delete, and click Delete. In the confirmation box, click OK. The policy is deleted
Example 14-1, "Simple Audit Policy" demonstrates a simple audit policy XML file that creates a policy sourcing the Audit management events template, and raises events in the context of the two users listed.
Example 14-1 Simple Audit Policy
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AuditPolicyInfo>
<name>Audit Management Policy</name>
<description>Sample test policy</description>
<template>Audit management events</template>
<actor add='true' id='user=user1'/>
<actor add='true' id='user=user2'/>
</AuditPolicyInfo>
In this example, since no scope was specified, all events specified in the Audit management events audit template will be audited for both of the specified users. Actors can be users or groups.
Note that there is an attribute of the <actor> element called "add", which in this example is set to "true". When you modify an audit policy, you can provide an <actor> element and set this attribute to "false" to delete the actor from the modified audit policy. When you modify an audit policy, set this value to "true" to either add a new actor, or to modify an existing actor.
Once you have enabled auditing (by creating one or more audit policies), audit information accumulates in the Audit Repository. You can view selection of this data by running an audit trail. An audit trail is a query against the Audit Repository.
This section contains the following topics:
You can list existing audit trails with beectl using the beectl list_audit_trails command:
beectl> list_audit_trails [--name <Name of the audit trail>]
You can list details about a specific audit trail by using the --name option to reference the audit trail.
You can list existing audit trails with Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
To create an audit trail using beectl, begin by creating an XML file for your audit trail.
An example audit trail file is located in your Oracle Beehive install folder, in the templates subfolder ORACLE_HOME/beehive/templates/audit/trail_ex.xml.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AuditTrailInfo>
<name>Trail Name</name>
<description>Trail description</description>
<actor>Collab ID of actor</actor>
<actor>user=sample.id</actor>
<entity>Collab ID of entity</entity>
<startTime>Start Time predicate</startTime>
<endTime>End Time predicate</endTime>
<serviceName>Service Name</serviceName>
<userName>User Name</userName>
<activity>Type of Activity (CREATE, DELETE, ETC)</activity>
<eventType>Event Type</eventType>
<predicate>Predicate Type (all, any)</predicate>
</AuditTrailInfo
Add a new audit trail by using the beectl add_audit_trail command, referencing your XML file:
beectl> add_audit_trail --file <Full path of the input file>
To create an audit trail using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Click New. The New Audit Trail window opens
Enter a name and description for the new trail
Optionally, pick a Start Time and/or End Time. These options specify a range of dates and times for which you want to see audit records. If you leave these fields blank, records from all dates and times will be returned
Optionally, use the Actor Filter tab to specify one or more actors for whom you want to see audit records. Click the Actor Filter tab, click Add to open the Users window, and then search for actors. Select an actor and click Add to add it to the list in the Actor Filter tab. Only those records created by actions from the actors listed in the Actor Filter tab will be returned
Optionally, use the Entity Filter tab to specify one or more entities (audit templates and policies) for which you want to see audit records. Click the Entity Filter tab, click Add to open the Audited Entity Picker, and then search for entities. Select an entity and click Add to add it to the list in the Entity Filter tab. Only audit records for the entities listed in the Entity Filter tab will be returned.
Optionally, use the Cumulative Member Records tab to specify additional individual audit records for the audit trail, or to remove records that are already matched by the audit trail.
The Cumulative Member Records tab lets you select records that do not otherwise match the audit trail filter criteria, and add them to the audit trail. Click the Cumulative Member Records tab, click Add to open the Audit Record Picker, and then search for records. Select a record and click Add to add it to the list in the Cumulative Member Records tab.
Remove records from the trail by selecting them in the Cumulative Member Records list, and then clicking Remove.
Click Apply to save your changes without closing the New Audit Trail window, or click Save and Close to save your changes and close the window.
Your new trail appears in the list in the Trails tab
To modify an existing audit trail using beectl, edit the XML file used to create the audit trail, and then reference it with the beectl modify_audit_trail
beectl> modify_audit_trail --trail <Audit trail identifier> --file <Full path of the input file>
To modify an existing audit trail using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Select a trail from the list. In the lower pane, you can make edits to the trail. When you have finished making changes, click Apply to update the audit trail, or click Reset to revert to the saved version of the audit trail without making changes to it.
You can run an audit trail (like running a query), which extracts the data specified by the trail to a file.
To export the data using beectl, use the beectl export_audit_trail command, specifying the audit trail and a file for the output:
beectl export_audit_trail --trail <Audit trail identifier> --file <Full path of the output file>
You can export the data using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Select a trail from the list
Click the Export button, and then choose a filename and location. The audit trail records are saved as an XML-formatted file.
You can validate an audit trail to ensure that there are no errors.
To validate an audit trail using beectl, use the beectl validate_audit_trail command:
beectl validate_audit_trail --trail <Audit trail identifier> [--count <Maximum number of audit records to print>]
To validate an audit trail using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Select one or more trails from the list
Click the Validate button. A dialog box opens to indicate whether valid records were found for the selected audit trails.
You can delete an audit trail using beectl, by using the beectl delete_audit_trail
beectl delete_audit_trail --trail <Audit trail identifier>
To delete an audit trail using Oracle Beekeeper:
Log in to Oracle Beekeeper, and under Enterprises, click Audit
Select the Trails tab. All existing audit trails are listed
Select one or more trails from the list
Click the Delete button, and click OK in the confirmation dialog box. The selected trails are deleted.
The following is an XML file used to create an example audit trail, and an example of the exported audit data based on that trail.
Example 14-3 shows two example audit records included in an exported audit trail.
Example 14-3 Example Exported Audit Trail Data
<?xml version="1.0" encoding="utf-8"?>
<AuditTrail>
<name>update_trail_name1221015531621640000</name>
<description>Updated description</description>
<createdOn>2008-09-10T02:58:49.212</createdOn>
<modifiedOn>2008-09-10T02:58:53.004</modifiedOn>
<recordCount>5251</recordCount>
<records>
<event name="ACCOUNT_LOGIN_SUCCEEDED">
<InstanceId>BEEFIX.srv.example.com</InstanceId>
<HomeInstance>BEEFIX.srv.example.com</HomeInstance>
<HostId>srv.example.com</HostId>
<HostNwaddr>srv.example.com</HostNwaddr>
<OracleHome>/private/jdoe/product/b1.0.4/beefix</OracleHome>
<OrgId>26703</OrgId>
<ComponentId>23333</ComponentId>
<HostingClientId>null</HostingClientId>
<ClientOS>null</ClientOS>
<RemoteIP>null</RemoteIP>
<ModuleId>ocs</ModuleId>
<ProcessId>ocs</ProcessId>
<ThreadId>0</ThreadId>
<UpstreamComponentId>OCSAPP</UpstreamComponentId>
<DownstreamComponentId>OCSCORE</DownstreamComponentId>
<ECID>684F:5B25:aurc:54131E861EC8CC82E040578C9B9A7310000000008621</ECID>
<SessionId>476</SessionId>
<LogonTime>2008-09-09T18:38:04.000</LogonTime>
<AuthenticationMethod>PLAIN</AuthenticationMethod>
<ApplicationName>LOGON</ApplicationName>
<EventType>ACCOUNT_LOGIN_SUCCEEDED</EventType>
<EventCategory>LOGIN</EventCategory>
<EventStatus>SUCCESS</EventStatus>
<TstzOriginating>2008-09-10T01:38:04.184</TstzOriginating>
<ComponentName>LOGON</ComponentName>
<Initiator>user=beeadmin</Initiator>
<UserName>beeadmin</UserName>
<MessageText>null</MessageText>
<FailureCode>SUCCESS</FailureCode>
<Target>enpr=Example</Target>
<Resource>enpr=Example</Resource>
<Roles>principal=beeadmin</Roles>
<UserSession>684F:5B25:pcpl:C57ACA07B48D48499CE221AA5F0F01E8000000000002</UserSession>
<PrincipalType>PRIM</PrincipalType>
<Information>{{SOURCE: }}; {{TARGET: }}</Information>
</event>
<event name="ACCOUNT_LOGIN_SUCCEEDED">
<InstanceId>BEEFIX.srv.example.com</InstanceId>
<HomeInstance>BEEFIX.srv.example.com</HomeInstance>
<HostId>srv.example.com</HostId>
<HostNwaddr>srv.example.com</HostNwaddr>
<OracleHome>/private/jdoe/product/b1.0.4/beefix</OracleHome>
<OrgId>26703</OrgId>
<ComponentId>23333</ComponentId>
<HostingClientId>null</HostingClientId>
<ClientOS>null</ClientOS>
<RemoteIP>null</RemoteIP>
<ModuleId>ocs</ModuleId>
<ProcessId>ocs</ProcessId>
<ThreadId>0</ThreadId>
<UpstreamComponentId>OCSAPP</UpstreamComponentId>
<DownstreamComponentId>OCSCORE</DownstreamComponentId>
<ECID>684F:5B25:aurc:54131E861EC8CC82E040578C9B9A7310000000008623</ECID>
<SessionId>477</SessionId>
<LogonTime>2008-09-09T18:38:05.000</LogonTime>
<AuthenticationMethod>PLAIN</AuthenticationMethod>
<ApplicationName>LOGON</ApplicationName>
<EventType>ACCOUNT_LOGIN_SUCCEEDED</EventType>
<EventCategory>LOGIN</EventCategory>
<EventStatus>SUCCESS</EventStatus>
<TstzOriginating>2008-09-10T01:38:04.570</TstzOriginating>
<ComponentName>LOGON</ComponentName>
<Initiator>user=beeadmin</Initiator>
<UserName>beeadmin</UserName>
<MessageText>null</MessageText>
<FailureCode>SUCCESS</FailureCode>
<Target>enpr=Example</Target>
<Resource>enpr=Example</Resource>
<Roles>principal=beeadmin</Roles>
<UserSession>684F:5B25:pcpl:C57ACA07B48D48499CE221AA5F0F01E8000000000002</UserSession>
<PrincipalType>PRIM</PrincipalType>
<Information>{{SOURCE: }}; {{TARGET: }}</Information>
</event>
</records>
</AuditTrail>
This reference section lists all of the audit events included in each audit event category.
Table 14-1 lists auditable events related to access control.
Table 14-1 Access Control Events
| Event Subcategory | Events |
|---|---|
|
ASSIGNED_ROLE_ASYNC_EVENTS |
ASSIGNED_ROLE_DELETED ASSIGNED_ROLE_UPDATED ASSIGNED_ROLE_CREATED |
|
DELEGATED_ROLE_ASYNC_EVENTS |
DELEGATED_ROLE_UPDATED DELEGATED_ROLE_CREATED DELEGATED_ROLE_DELETED |
|
ROLE_DEFINITION_ASYNC_EVENTS |
ROLE_DEFINITION_UPDATED ROLE_DEFINITION_CREATED ROLE_DEFINITION_DELETED |
|
SENSITIVITY_ASYNC_EVENTS |
SENSITIVITY_DELETED SENSITIVITY_CREATED SENSITIVITY_UPDATED |
Table 14-2 lists auditable events related to address books.
Table 14-2 Address Book Events
| Event Subcategory | Events |
|---|---|
|
ADDRESSBOOK_ASYNC_EVENTS |
ADDRESSBOOK_MOVED ADDRESSBOOK_UNDELETED ADDRESSBOOK_CREATED ADDRESSBOOK_DELETED ADDRESSBOOK_UPDATED |
|
PERSON_CONTACT_ASYNC_EVENTS |
PERSON_CONTACT_DELETED PERSON_CONTACT_CREATED PERSON_CONTACT_UNDELETED PERSON_CONTACT_UPDATED PERSON_CONTACT_MOVED |
|
RESOURCE_CONTACT_ASYNC_EVENTS |
RESOURCE_CONTACT_UPDATED RESOURCE_CONTACT_CREATED RESOURCE_CONTACT_DELETED RESOURCE_CONTACT_MOVED RESOURCE_CONTACT_UNDELETED |
Table 14-3 lists auditable events related to artifacts.
| Event Subcategory | Events |
|---|---|
|
ANNOUNCEMENT_ASYNC_EVENTS |
ANNOUNCEMENT_DELETED ANNOUNCEMENT_UPDATED ANNOUNCEMENT_UNDELETED ANNOUNCEMENT_ARCHIVED ANNOUNCEMENT_CREATED |
|
BOND_ASYNC_EVENTS |
BOND_DELETED BOND_CREATED BOND_UPDATED |
|
CATEGORY_ASYNC_EVENTS |
CATEGORY_REMOVED CATEGORY_APPLIED CATEGORY_DELETED CATEGORY_CREATED CATEGORY_UPDATED |
|
DFDRAFT_ASYNC_EVENTS |
DFDRAFT_MOVED DFDRAFT_UPDATED DFDRAFT_UNDELETED DFDRAFT_CREATED DFDRAFT_ARCHIVED DFDRAFT_DELETED |
|
DOCUMENT_ASYNC_EVENTS |
DOCUMENT_DELETED DOCUMENT_UPDATED DOCUMENT_CHECKEDIN DOCUMENT_MOVED DOCUMENT_WORKING_COPY_UPDATED DOCUMENT_CHECKOUT_CANCELLED DOCUMENT_CREATED DOCUMENT_UNDELETED DOCUMENT_CHECKEDOUT DOCUMENT_ARCHIVED |
|
ENTITY_LOCK_ASYNC_EVENTS |
ENTITY_LOCKED ENTITY_UNLOCKED |
|
EXTERNAL_ARTIFACT_ASYNC_EVENTS |
EA_CREATED EA_DELETED EA_UPDATED |
|
FOLDER_ASYNC_EVENTS |
FOLDER_MOVED FOLDER_UNDELETED FOLDER_ARCHIVED FOLDER_UPDATED FOLDER_CREATED FOLDER_DELETED |
|
FORUM_ASYNC_EVENTS |
FORUM_MOVED FORUM_CREATED FORUM_UNDELETED FORUM_ARCHIVED FORUM_DELETED FORUM_UPDATED |
|
LABEL_ASYNC_EVENTS |
LABEL_APPLIED LABEL_REMOVED LABEL_CREATED LABEL_DELETED LABEL_UPDATED |
|
LINK_ASYNC_EVENTS |
LINK_DELETED LINK_COPIED LINK_CREATED LINK_MOVED LINK_UPDATED LINK_UNDELETED |
|
LOCK_ASYNC_EVENTS |
ENTITY_LOCKED LOCK_UPDATED ENTITY_UNLOCKED |
|
NOTIFICATION_EVENTS |
|
|
TOPIC_ASYNC_EVENTS |
TOPIC_ARCHIVED TOPIC_MOVED TOPIC_DELETED TOPIC_CREATED TOPIC_UNDELETED TOPIC_UPDATED |
Table 14-4 lists auditable events in the sub-category of Notification events.
Table 14-4 Notification Events
| Event Subcategory | Events |
|---|---|
|
NOTIFICATION_ASYNC_EVENTS |
NOTIFICATION_CREATED NOTIFICATION_UPDATED NOTIFICATION_DELETED |
|
NOTIFICATION_SCHEMA_ASYNC_EVENTS |
NOTIFICATION_SCHEMA_DELETED NOTIFICATION_SCHEMA_CREATED NOTIFICATION_SCHEMA_UPDATED |
Table 14-5 lists auditable events related to each audit event category.
| Event Subcategory | Events |
|---|---|
|
AUDIT_ASYNC_EVENTS |
AUDIT_TRAIL_DELETED AUDIT_TEMPLATE_DELETED AUDIT_TRAIL_UPDATED AUDIT_TEMPLATE_CREATED AUDIT_POLICY_DELETED AUDIT_POLICY_CREATED AUDIT_TEMPLATE_UPDATED AUDIT_POLICY_ENABLED AUDIT_POLICY_UPDATED AUDIT_TRAIL_CREATED AUDIT_POLICY_DISABLED |
|
AUDIT_ASYNC_FAILED_EVE |
AUDIT_POLICY_CREATE_FAILED AUDIT_TRAIL_UPDATE_FAILED AUDIT_TRAIL_CREATE_FAILED AUDIT_TRAIL_DELETE_FAILED AUDIT_TEMPLATE_UPDATE_FAILED AUDIT_POLICY_DELETE_FAILED AUDIT_TEMPLATE_CREATE_FAILED AUDIT_POLICY_UPDATE_FAILED AUDIT_TEMPLATE_DELETE_FAILED AUDIT_POLICY_DISABLE_FAILED AUDIT_POLICY_ENABLE_FAILED |
Table 14-6 lists auditable events related to calendars.
| Event Subcategory | Events |
|---|---|
|
CALENDAR_ASYNC_EVENTS |
CALENDAR_ADDED CALENDAR_REMOVED CALENDAR_UPDATED |
|
DEFAULT_REMINDER_ASYNC_EVENTS |
DEFAULT_REMINDER_ADDED DEFAULT_REMINDER_REMOVED DEFAULT_REMINDER_UPDATED |
|
INVITATION_ASYNC_EVENTS |
INVITATION_ADDED INVITATION_REMOVED INVITATION_UPDATED |
|
OCCURRENCE_ASYNC_EVENTS |
OCCURRENCE_ADDED OCCURRENCE_REMOVED OCCURRENCE_UPDATED |
|
REMINDER_ASYNC_EVENTS |
REMINDER_ADDED REMINDER_REMOVED REMINDER_UPDATED |
|
RESOURCE_ASYNC_EVENTS |
RESOURCE_CREATED RESOURCE_DELETED RESOURCE_UPDATED |
|
TASKLIST_ASYNC_EVENTS |
TASKLIST_ADDED TASKLIST_REMOVED TASKLIST_UPDATED |
|
TODO_ASYNC_EVENTS |
TODO_ADDED TODO_REMOVED TODO_UPDATED |
Table 14-7 lists auditable events related to client applications.
Table 14-7 Client Application Events
| Event Subcategory | Events |
|---|---|
|
CLIENT_APPLICATION_ASYNC_EVENTS |
CLIENT_APPLICATION_CREATED CLIENT_APPLICATION_DELETED |
|
CLIENT_APPLICATION_PATCHSET_ASYNC_EVENTS |
CLIENT_APPLICATION_PATCHSET_DELETED CLIENT_APPLICATION_PATCHSET_CREATED |
|
CLIENT_APPLICATION_PROV_UPDATED |
CLIENT_APPLICATION_PROV_UPDATED |
|
CLIENT_APPLICATION_VERSION_ASYNC_EVENTS |
CLIENT_APPLICATION_VERSION_DELETED CLIENT_APPLICATION_VERSION_CREATED |
Table 14-8 lists auditable events related to device management.
Table 14-8 Device Management Events
| Event Subcategory | Events |
|---|---|
|
DEVICE_ASYNC_EVENTS |
DEVICE_CREATED DEVICE_DELETED DEVICE_UPDATED |
|
DEVICE_PROFILE_ASYNC_EVENTS |
DEVICE_PROFILE_UPDATED DEVICE_PROFILE_CREATED DEVICE_PROFILE_DELETED |
|
DEVICE_TYPE_ASYNC_EVENTS |
DEVICE_TYPE_DELETED DEVICE_TYPE_CREATED DEVICE_TYPE_UPDATED |
Table 14-9 lists auditable events related to Enterprises.
Table 14-10 lists auditable events related to LDAP sync profiles.
Table 14-11 lists auditable events related to messages.
| Event Subcategory | Events |
|---|---|
|
DISCUSSION_MESSAGE_ASYNC_EVENTS |
DISCUSSION_MESSAGE_ARCHIVED DISCUSSION_MESSAGE_DELETED DISCUSSION_MESSAGE_UPDATED DISCUSSION_MESSAGE_CREATED DISCUSSION_MESSAGE_MOVED |
|
ES_ASYNC_EVENTS |
ES_MSG_MOVED ES_MSG_DELETED ES_MSG_UNDELETED ES_MSG_DELIVERED ES_MSG_UPDATED ES_MSG_ADDED |
|
FAX_MESSAGE_ASYNC_EVENTS |
FAX_MESSAGE_UPDATED FAX_MESSAGE_MOVED FAX_MESSAGE_DELETED FAX_MESSAGE_COPIED FAX_MESSAGE_CREATED |
|
IMS_ASYNC_EVENTS |
[IMS_OFFLINE_MSG_ADDED IMS_OFFLINE_MSG_DELETED IMS_OFFLINE_MSG_MOVED IMS_OFFLINE_MSG_UNDELETED |
|
MESSAGE_DELIVERY_ASYNC_EVENTS |
MESSAGE_DELIVERY_STATUS_UPDATED MESSAGE_DELIVERY_STATUS_DELETED MESSAGE_DELIVERY_STATUS_CREATED |
|
NOTIFICATION_EVENTS |
|
|
VOICE_MESSAGE_ASYNC_EVENTS |
VOICE_MESSAGE_MOVED VOICE_MESSAGE_CREATED VOICE_MESSAGE_UPDATED VOICE_MESSAGE_DELETED VOICE_MESSAGE_COPIED |
Table 14-12 lists auditable events related to Organizations.
Table 14-13 lists auditable events related to policies and subscriptions.
Table 14-13 Policy Subscription Events
| Event Subcategory | Events |
|---|---|
|
POLICY_ASYNC_EVENTS |
POLICY_UPDATED POLICY_DELETED POLICY_CREATED |
|
SUBSCRIPTION_ASYNC_EVENTS |
SUBSCRIPTION_UPDATED SUBSCRIPTION_ENABLED SUBSCRIPTION_DELETED SUBSCRIPTION_DISABLED SUBSCRIPTION_CREATED |
|
SUBSCRIPTION_TEMPLATE_ASYNC_EVENTS |
SUBSCRIPTION_TEMPLATE_CREATED SUBSCRIPTION_TEMPLATE_DELETED SUBSCRIPTION_TEMPLATE_UPDATED |
Table 14-14 lists auditable events related to Records Management.
Table 14-15 lists auditable events related to search.
Table 14-17 lists auditable events related to security.
| Event Subcategory | Events |
|---|---|
|
ACCOUNT_ASYNC_EVENTS |
ACCOUNT_LOGIN_SUCCEEDED ACCOUNT_LOGOUT_SUCCEEDED ACCOUNT_LOCKED |
|
ACCOUNT_ASYNC_FAILED_EVENTS |
ACCOUNT_LOGIN_FAILED |
|
CREDENTIAL_ASYNC_EVENTS |
CREDENTIAL_DELETED CREDENTIAL_EXPIRED CREDENTIAL_RESET CREDENTIAL_UPDATED CREDENTIAL_CREATED |
|
CREDENTIAL_ASYNC_FAILED_EVENTS |
CREDENTIAL_DELETE_FAILED CREDENTIAL_CREATE_FAILED CREDENTIAL_UPDATE_FAILED CREDENTIAL_RESET_FAILED |
Service Configuration Update Events
Table 14-17 lists auditable events related to Service configuration updates.
Table 14-18 lists auditable events related to the core Oracle Beehive system.
Table 14-19 lists auditable events related to time management.
Table 14-19 Time Management Events
| Event Subcategory | Events |
|---|---|
|
TM_SUBSCRIPTION_ASSIGNMENT_ASYNC_EVENTS |
TM_SUBSCRIPTION_ASSIGNMENT_INDIRECTLY_DELETED TM_SUBSCRIPTION_ASSIGNMENT_INDIRECTLY_UPDATED TM_SUBSCRIPTION_ASSIGNMENT_NEW_OR_TIME_UPDATED |
|
TM_SUBSCRIPTION_INVITATION_ASYNC_EVENTS |
TM_SUBSCRIPTION_INVITATION_INDIRECTLY_DELETED TM_SUBSCRIPTION_INVITATION_INDIRECTLY_UPDATED TM_SUBSCRIPTION_INVITATION_NEW_OR_RESCHED |
|
TM_SUBSCRIPTION_INVITATION_SERIES_ASYNC_EVENTS |
TM_SUBSCRIPTION_INVITATION_SERIES_INDIRECTLY_DELETED TM_SUBSCRIPTION_INVITATION_SERIES_INDIRECTLY_UPDATED TM_SUBSCRIPTION_INVITATION_SERIES_NEW_OR_RESCHED |
|
TM_SUBSCRIPTION_OCCURRENCE_ASYNC_EVENTS |
TM_SUBSCRIPTION_OCCURRENCE_RESOURCE_PARTICIPANT_INDIRECTLY_UPDATED TM_SUBSCRIPTION_OCCURRENCE_USER_PARTICIPANT_INDIRECTLY_UPDATED |
|
TM_SUBSCRIPTION_TODO_PARTICIPANT_INDIRECTLY_UPDATED |
TM_SUBSCRIPTION_TODO_PARTICIPANT_INDIRECTLY_UPDATED |
|
TM_TIMEZONE_DEFINITION_UPDATED |
TM_TIMEZONE_DEFINITION_UPDATED |
Table 14-20 lists auditable events related to user management.
Table 14-20 User Management Events
| Event Subcategory | Events |
|---|---|
|
EXTERNAL_PERSON_ASYNC_EVENTS |
EXTERNAL_PERSON_PURGED EXTERNAL_PERSON_CREATED EXTERNAL_PERSON_DELETED EXTERNAL_PERSON_UPDATED |
|
GROUP_ASYNC_EVENTS |
GROUP_UPDATED GROUP_PURGED GROUP_DELETED GROUP_CREATED GROUP_UNDELETED |
|
USER_ASYNC_EVENTS |
USER_UPDATED USER_DELETED USER_PURGED USER_CREATED |
Table 14-1 lists auditable events related to Workspaces.
| Event Subcategory | Events |
|---|---|
|
VERS_CFG_ASYNC_EVENTS |
VERS_CFG_DELETED VERS_CFG_UPDATED VERS_CFG_CREATED |
|
WORKSPACE_ASYNC_EVENTS |
WORKSPACE_PURGED WORKSPACE_CREATED WORKSPACE_ARCHIVED WORKSPACE_DELETED WORKSPACE_UPDATED |
|
WORKSPACE_QUOTA_ASYNC_EVENTS |
WORKSPACE_HQUOTA_OVERFLOW WORKSPACE_SQUOTA_OVERFLOW |
Table 14-22 lists auditable events related to XMPP messaging.
|
 Copyright © 2008, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|