| Oracle® Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager Release 11g (11.1.1) Part Number E14568-06 |
|
|
PDF · Mobi · ePub |
| Oracle® Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager Release 11g (11.1.1) Part Number E14568-06 |
|
|
PDF · Mobi · ePub |
This chapter describes how to configure reporting and how to view Oracle Adaptive Access Manager reports. It contains these topics:
Setting up Oracle Business Intelligence Publisher for Oracle Adaptive Access Manager Reports
Adding Translations for the BI Publisher Catalog and Reports
Oracle Adaptive Access Manager utilizes Business Intelligence Publisher for the majority of reporting functions. All OAAM customers are recommended to replicate production data into a reporting database and to provide a dedicated reporting environment for BI Publisher.
Oracle BI Publisher is an Oracle's enterprise reporting solution and provides a single reporting environment to author, manage, and deliver all of your reports and business documents. Utilizing a set of familiar desktop tools, such as Microsoft Word, Microsoft Excel, or Adobe Acrobat, you can create and maintain report layouts based on data from diverse sources, including Oracle Identity Management products.
The Oracle Business Intelligence Publisher Administrator's Guide explains how to use BI Publisher to create reports for Oracle Adaptive Access Manager. You can access the Oracle Business Intelligence Publisher Administrator's Guide by searching for it on the Oracle Technology Network Web site.
The Oracle Business Intelligence Publisher Documentation Library is available on the Oracle Technology Network Web site. You can access the Oracle Technology Network Web site at:
Oracle Adaptive Access Manager provides access to a rich set of forensic data to power investigations and auditing. Business Intelligence Publisher provides the reporting engine allowing reporting to be fully customized to meet requirements. Out of the box report templates are included that can be used as is or altered. The intuitive administration console interface makes it quick and easy to narrow in on the important data and relationships. This allows a security analyst to find related situations that otherwise might not be identified and better understand the relationships between various security events. Oracle Adaptive Access Manager leverages the common audit framework from Oracle Platform Security Services to capture full audit trails for administration console users.
BI Publisher reports can be used to show the results of checkpoints.
Total number of each action by checkpoint
Total number of each alert by checkpoint
Total number of sessions with risk score ranges (0 - 600, 601 - 800, 801 - 1000) by checkpoint
Login Analysis Aggregates Report
For example, George is a security and compliance officer. He has been asked to configure a solution to run login risk evaluations offline that are deemed too expensive to run in real-time. He is using the out of the box run task to perform the whole login chain of checkpoints on every session in the selection. After the load and run are complete George generates an aggregate report showing metrics for total numbers of each action, alert, risk scores in pre-auth and post-auth data.
For example, George is a security and compliance officer. He has been asked to configure a solution to run login risk evaluations offline to test new policies before they are rolled out to production. When testing to see the difference in results between one policy configuration and another he performs a run with policy set A then he runs this report and exports to HTML. Next he does the same with policy set B and compares the two reports to see if policy changes are behaving as expected.
As Investigation Managers and business analysts, you can assess the effectiveness of OAAM and your fraud team. As part of investigating, you can run a report that returns all sessions that have been linked to a case with a specified disposition. The results will show the case IDs each session is linked to.
Search sessions by case disposition Report
At the end of the week a manager runs the report to find a list of all sessions with organization ID "Sears" and that have been linked to a case with a "confirmed fraud" disposition.
In Oracle Fusion Middleware 11g Release 1 (11.1.1), auditing provides a measure of accountability and answers to the "who has done what and when" types of questions.
Audit is used for tracking OAAM Admin operations, such as creating policy, deleting group, and so on. OAAM collects audit information and it is sent to the audit database. The user can view audit data through BI Publisher, which reads the audit database. You can control the audit functionality through Enterprise Manager where you can choose which events to audit, key in users to always audit, or audit only failure events. So Audit involves: EM (audit setting), OAAM (audit event generation), BI (audit report viewing). For information on setting up audit data sources, refer to "Configuring and Managing Auditing" in the Oracle Fusion Middleware Application Security Guide. For information on setting up Oracle Business Intelligence Publisher for use with audit reports, refer to "Using Audit Analysis and Reporting" in the Oracle Fusion Middleware Application Security Guide.
When your data resides in a database, you can run pre-defined Oracle Business Intelligence Publisher (BI Publisher) reports and create your own reports on the data. This section contains these topics about configuring your environment for reports:
Installing Oracle Adaptive Access Manager BI Publisher Reports
Configuring Oracle Adaptive Access Manager BI Publisher Reports
If you do not have Oracle BI Publisher installed, you must install it, as described in the Oracle Business Intelligence Enterprise Edition Installation and Upgrade Guide.
This section explains how to install BI Publisher Reports. You must install Oracle BI Publisher and verify it is operational before installing the BI Publisher Reports. Refer to the Oracle Fusion Middleware Business Intelligence Publisher Reports Administrator's Guide for Oracle Identity Management for more information.
Perform the following steps to install the reports:
Download the Oracle Adaptive Access Manager package to your Oracle BI Publisher server.
Unzip the package to a temporary location on your Oracle BI Publisher server. For example:
/tmp/OAAM Reports/
Stop the Oracle BI Publisher server. Refer to the Oracle Fusion Middleware Business Intelligence Publisher Reports Administrator's Guide for Oracle Identity Management if you need more information.
Recursively copy the /OAAM Reports/Oracle Identity Management Reports/ directory to the /Oracle_BI_Publisher_home/xmlp/XMLP/Reports/ directory on your Oracle BI Publisher server. After performing this step, you should have the following directory on your Oracle BI Publisher server:
/Oracle_BI_Publisher_home/xmlp/XMLP/Reports/Oracle Identity Management Reports/OAAM/
Copy the properties.xml file to any directory in Oracle BI Publisher server's file system.
Start the Oracle BI Publisher server. Refer to the Oracle Fusion Middleware Business Intelligence Publisher Reports Administrator's Guide for Oracle Identity Management if you need more information.
Perform the following steps to configure the Oracle Adaptive Access Manager reports:
Configure the JDBC Data Source for Oracle Adaptive Access Manager by performing the following steps:
Log in to Oracle BI Publisher from a web browser as an Administrator. Refer to the Oracle Fusion Middleware Business Intelligence Publisher Reports Administrator's Guide for Oracle Identity Management if you need more information.
Click the Admin tab, then click JDBC Connection under Data Source, and then click the Add Data Source button. The Add Data Source screen appears.
Enter the following information in the fields on the Add Data Source screen. Replace the variable values in the following examples with the actual values for your Oracle Adaptive Access Manager database.
| Field | Data to Enter |
|---|---|
| Data Source Name | ARM
For the Oracle Adaptive Access Manager reports to work out-of-the-box, the JDBC data source must be named as "ARM". If you choose a different name, you must modify the data source property in all reports. |
| Connection String | jdbc:oracle:thin:@host:port:sid |
| User Name | User name for a database schema user that has access to Oracle Adaptive Access Manager. |
| Password | Password for user identified in the User Name field. |
| Database Driver Class | oracle.jdbc.driver.OracleDriver |
Configure AdminProperties Data Source for Oracle Adaptive Access Manager by performing Steps a and b. The AdminProperties contains configuration information that Oracle Adaptive Access Manager will need to read when generating the reports.
Click the Admin tab, then click File under Data Source, and then click the Add Data Source button. The Add Data Source screen appears.
Enter the following information in the fields on the Add Data Source screen:
| Field | Data to Enter |
|---|---|
| Data Source Name | AdminProperties
You must name this Data Source |
| Full Path of Top-level Directory | Path must be the directory where you placed properties.xml. |
The configuration for Oracle Adaptive Access Manager reports is complete. Refer to the Oracle Fusion Middleware Business Intelligence Publisher Reports Administrator's Guide for Oracle Identity Management to generate reports for Oracle Adaptive Access Manager.
Perform the following steps to test whether the configuration of the Oracle Adaptive Access Manager reports has been successful:
Log in to Oracle BI Publisher using a URL of the form:
http://host.domain.com:port/xmlpserver/
On the main page, click OAAM under Shared Folders and then oradb.
The Oracle Adaptive Access Manager reports are now available.
Select any report.
Select any output type and click the View button.
You can set the Report Locale, User Interface Language, Time Zone, and Accessibility Mode for BI Publisher.
Report Locale- A locale is a language and territory combination (for example, English (United States) or French (Canada)). BI Publisher uses the report locale selection to determine the template translation to apply, the number formatting and date formatting to apply to the report data.
User Interface Language- The User Interface language is the language that your user interface displays in. The language that you selected at login will be selected as the default. However, you can choose from the languages that are available for your installation through this option.
Time Zone - Select the time zone to apply to your reports. Reports run by you (this user) will display the time according to the time zone preference selected here.
Accessibility Mode- Setting this to "On" will display the report catalog in a tree structure that is accessible via keyboard strokes
For more information on setting preferences, refer to the "Setting My Account Preferences and Viewing My Groups" chapter of the Oracle Fusion Middleware Report Designer's Guide for Oracle Business Intelligence Publisher.
In BI Publisher, a user is assigned one or multiple Roles. A Role can grant any or all of the following:
privileges to use functionality
permissions to perform actions on catalog objects
access to data sources
For information on setting users, roles, and permissions, refer to the "Alternative Security Options" chapter of the Oracle Fusion Middleware Administrator's and Developer's Guide for Oracle Business Intelligence Publisher.
Oracle BI Publisher Enterprise enables you to schedule reports, and deliver the executed output to various destinations. BI Publisher Scheduler is configured as a part of Oracle BI Enterprise Edition installation process. Ensure that the scheduler is configured properly, before you start scheduling the reports.
For information on scheduling reports, refer to "Creating Report Jobs" in the Oracle Fusion Middleware Report Designer's Guide for Oracle Business Intelligence Publisher.
This section explains how to view/run reports.
Take these steps to view/run a report:
Log in to Oracle BI Publisher using a URL of the form:
http://host.domain.com:port/xmlpserver/
On the main page, click OAAM under Shared Folders and then oradb.
Navigate to the report of interest.
The report is displayed.
The report display page contains these major areas:
Filters at the top of the page enable you to determine the records to include in the report.
Format control buttons enable you to determine:
the template type, which can be:
HTML - This is the default display format.
PDF - Displays a printable PDF view.
RTF - Displays a document in Rich Text Format.
Excel2000 - Displays a spreadsheet.
Data - Displays an unformatted XML data set.
To change the template type while viewing a report, select the type from the list and click View.
output format
delivery options
range in which to view the data
View, save or export the report as desired.
This section contains instructions on creating Oracle BI Publisher reports on data in the OAAM schema.
In code listings OAAM table and field names are bold and italic.
Refer to the instructions in Creating a New Report in the Oracle Business Intelligence Publisher Report Designer's Guide:
http://download.oracle.com/docs/cd/E12844_01/doc/bip.1013/e12187/T518230T518233.htm
Several fields in many tables are numeric type codes, which correspond to OAAM User Defined Enums. Refer to the Oracle Fusion Middleware Developer's Guide for Oracle Adaptive Access Manager for more information about OAAM User Defined Enums. Information on how to map those type codes to readable names is presented in this section.
There are two methods for resolving these names, and the one to choose depends on whether you need to display English only or you need to display internationalized strings.
To display a readable string rather than a type code value in the report output, the report writer will need to add a join to the tables that hold the User Defined Enums, and then add the field to the select clause.
The following SQL code shows how to add the join criteria to the query:
SELECT …
FROM …
LEFT OUTER JOIN (
SELECT enumElement.num_value, enumElement.label
FROM v_b_enum enum
INNER JOIN v_b_enum_elmnt enumElement ON on enum.enum_id = enum_element.enum_id
WHERE enum.prop_name = 'enum name') alias
ON table.type_field = alias.num_value
…
In this code, table.type_field is the field containing a type code value that you want to replace with a string. Alias is the name you are giving the inner select clause. Finally, enum_name is the property name of the User Defined Enum.
To display in the report, you need to add alias.label to the select clause.
The following SQL code shows how to add the join criteria to the query:
SELECT …
FROM …
LEFT OUTER JOIN (
SELECT t0.config_value, element.num_value
FROM v_b_config_rb t0
INNER JOIN (
SELECT enum_element.num_value, enum_element.str_value, enum.prop_name
FROM v_b_enum enum
INNER JOIN v_b_enum_elmnt enum_element ON enum.enum_id = enum_element.enum_id
WHERE enum.prop_name = 'enum name') element
ON t0.config_name=element.prop_name || '.' || element.str_value || '.name'
WHERE t0.locale_id = (
SELECT locale_id FROM v_b_locale
WHERE language = substr(:xdo_user_ui_locale, 1, 2)
AND country = substr(:xdo_user_ui_locale, 4, 2)
AND (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW')))
UNION SELECT locale_id FROM v_b_locale
WHERE language = substr(:xdo_user_ui_locale, 1, 2)
AND NOT EXISTS(SELECT locale_id FROM v_b_locale
WHERE language = substr(:xdo_user_ui_locale, 1, 2)
AND country = substr(:xdo_user_ui_locale, 4, 2))
AND country IS NULL
AND (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW')))
UNION SELECT locale_id FROM v_b_locale
WHERE language = 'en'
AND NOT (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW'))))
ORDER BY t0.config_name) alias
ON table.type_field = alias.num_value
…
In this code, table.type_field is the field containing a type code value that you want to replace with a string. Alias is the name you want to give the inner select clause. Finally, enum_name is the property name of the User Defined Enum.
To display in the report, you need to add alias.config_value to the select clause.
Add parameters to your report definition to enable your users to interact with the report and specify the data of interest from the data set.
To allow a user to select from a list of readable strings representing type codes, the report writer will need to create a List of Values (LOV) from a query on the User Defined Enums tables, filtered by the enum name.
The following listing shows how to write the query to populate the list of values.
SELECT enumElement.label, enumElement.num_value
FROM v_b_enum enum
INNER JOIN v_b_enum_elmnt enumElement ON on enum.enum_id = enumElement.enum_id
WHERE enum.prop_name = 'enum name'
ORDER BY enumElement.label
The following listing shows how to filter the report based on this LOV.
WHERE … AND (:parameter IS NULL OR :parameter = table.type_field)
In these listings, enum_name is the property name of the User Defined Enum, table.type_field is the field containing a type code value that you want to replace with a string, and parameter is the named parameter. Review the Oracle BI Publisher User's Guide for information about creating and setting up report parameters.
The following listing shows how to write the query to populate the list of values.
SELECT t0.config_value, element.num_value
FROM v_b_config_rb t0
INNER JOIN (
SELECT enum_element.num_value, enum_element.str_value, enum.prop_name
FROM v_b_enum enum
INNER JOIN v_b_enum_elmnt enum_element ON enum.enum_id = enum_element.enum_id
WHERE enum.prop_name = 'enum name') element
ON t0.config_name=element.prop_name || '.' || element.str_value || '.name'
WHERE t0.locale_id = (
SELECT locale_id FROM v_b_locale
WHERE language = substr(:xdo_user_ui_locale, 1, 2)
AND country = substr(:xdo_user_ui_locale, 4, 2)
AND (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW')))
UNION SELECT locale_id FROM v_b_locale
WHERE language = substr(:xdo_user_ui_locale, 1, 2)
AND NOT EXISTS(SELECT locale_id FROM v_b_locale
WHERE language = substr(:xdo_user_ui_locale, 1, 2)
AND country = substr(:xdo_user_ui_locale, 4, 2))
AND country IS NULL
AND (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW')))
UNION SELECT locale_id FROM v_b_locale
WHERE language = 'en'
AND NOT (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW'))))
ORDER BY t0.config_name
The filtering is done in the same manner as the English Only version.
The OAAM schema includes tables that map IP address ranges to location data including city, state, and country. The relevant tables are VCRYPT_IP_LOCATION_MAP, VCRYPT_CITY, VCRYPT_STATE, and VCRYPT_COUNTRY. Many tables contain IP addresses, and VCRYPT_IP_LOCATION_MAP contains foreign keys to each of VCRYPT_CITY, VCRYPT_STATE, and VCRYPT_COUNTRY.
In OAAM, IP addresses are stored as long numerals. The following listing shows how join a table containing an IP address to the VCRYPT_IP_LOCATION_MAP.
SELECT ... FROM vcrypt_tracker_usernode_logs logs INNER JOIN vcrypt_ip_location_map loc ON ( logs.remote_ip_addr >= loc.from_ip_addr AND logs.remote_ip_addr <= loc.from_ip_addr )
For user input and display purposes, you will normally want to use the standard four-part IP address. The following listing shows how to display a numeric IP address as a standard IP, where ipField is the field or parameter containing the numeric IP address you want to display.
…
to_char(to_number(substr(to_char(ipField, 'XXXXXXXX'), 1, 3), 'XX')) || '.' ||
to_char(to_number(substr(to_char(ipField, 'XXXXXXXX'), 4, 2), 'XX')) || '.' ||
to_char(to_number(substr(to_char(ipField, 'XXXXXXXX'), 6, 2), 'XX')) || '.' ||
to_char(to_number(substr(to_char(ipField, 'XXXXXXXX'), 8, 2), 'XX'))
...
The following listing shows how to convert a standard IP address to the long numeric format.
… to_number(substr(ipField, 1, instr(ipField, '.')-1))*16777216 + to_number(substr(ipField, instr(ipField, '.', 1, 1)+1, instr(ipField, '.', 1, 2)-instr(ipField, '.', 1, 1)-1))*65536 + to_number(substr(ipField, instr(ipField, '.', 1, 2)+1, instr(ipField, '.', 1, 3)-instr(ipField, '.', 1, 2)-1))*256 + to_number(substr(ipField, instr(ipField, '.', 1, 3)+1))
Sessions and alerts exist in the VCRYPT_TRACKER_USERNODE_LOGS and VCRYPT_ALERT tables, respectively. They join to each other via the REQUEST_ID field, and they each join to the geolocation data via the VCRYPT_IP_LOCATION_MAP table via the BASE_IP_ADDR field.
The session table and the alert table have several type code fields that may be translated into readable text by following the instructions to look up the user defined enums by name. The following tables will list the type code fields and the name of the user defined enum.
This report will show a list of sessions, with user id, login id, auth status, and location. To start with, you will need to create two date parameters, fromDate and toDate. The query will look like this:
SELECT s.request_id, s.user_id, s.user_login_id, auth.label, country.country_name, state.state_name, city.city_name FROM vcrypt_tracker_usernode_logs s INNER JOIN vcrypt_ip_location_map loc ON s.base_ip_addr = loc.base_ip_addr INNER JOIN vcrypt_country country ON loc.country_id = country.country_id INNER JOIN vcrypt_state loc ON loc.state_id = country.state_id INNER JOIN vcrypt_city city ON loc.city_id = city.city_id LEFT OUTER JOIN ( SELECT enumElement.num_value, enumElement.label FROM v_b_enum enum INNER JOIN v_b_enum_elmnt enumElement ON on enum.enum_id = enum_element.enum_id WHERE enum.prop_name = 'auth.status.enum') auth ON s.auth_status = auth.num_value WHERE (:fromDate IS NULL OR s.create_time >= :fromDate) AND (:toDate IS NULL OR s.create_time <= :toDate) ORDER BY s.create_time DESC
This section explains how you can build transaction reports. It contains the following topics:
To get the Transaction Definition key and Entity Definition keys, follow these steps:
Log into OAAM Admin application and go to Transactions menu and search for the transaction definitions you are interested in.
Go to the General tab and note down the Definition Key of the transaction. This is the "Transaction Definition Key" of the transaction.
Go to the Entities tab of the transaction and note down distinct list Entity Name.
Choose the Entities menu option to search for Entities and note the Key of each of those entities. That is the "Entity Definition Key" of the entities.
To discover entity data mapping information that you will need to create your report, follow the procedures in this section.
For your reference, number data types are listed in the following table.
Table 25-3 Information about Data Types
| Data Type | Description |
|---|---|
|
1 |
Represents String data |
|
2 |
Represents Numeric data. Data stored is equal to (Original value * 1000). |
|
3 |
Date type data. Store the data in "'YYYY-MM-DD HH24:MI:SS TZH:TZM" format and also retrieve it using same format. |
|
4 |
Boolean data. Stored as strings. "True" represents TRUE and "False" represents FALSE |
To get the entity data details that you will need to construct your report, follow these steps:
Get the Entity Definition Key by looking at the entity definition using the OAAM Admin Console.
Get details of how entity data is mapped using the SQL Query:
SELECT label,
data_row,
data_col,
data_type
FROM vt_data_def_elem
WHERE status =1
AND data_def_id =
(SELECT data_def_id
FROM vt_data_def_map
WHERE relation_type ='data'
AND parent_obj_type =3
AND parent_object_id IN
(SELECT entity_def_id
FROM vt_entity_def
WHERE entity_def_key=<Entity Definition Key>
AND status =1
)
)
ORDER BY data_row ASC,
data_col ASC;
The above SQL query gives a list of data fields of the entity with data type and row, column position. Using that information, build a SQL query based on the following information that represents data of the given entity. It is also recommended to create/build a view based on this SQL query that represents data of the given entity.
Note:
EntityRowN represents an entity data row. If your entity has 3 distinct data_row values from the above query then you would have 3 EntityRows, name the aliases as EntityRow1, EntityRow2, and so on, and similarly take care of the corresponding joins as shown below.SELECT ent.ENTITY_ID,
ent.EXT_ENTITY_ID,
ent.ENTITYNAME,
ent.ENTITY_KEY,
ent.ENTITY_TYPE,
EntityRowN<row>.DATA<col> <column_name>,
(EntityRowN<row>.NUM_DATA<col>/ 1000.0) <numeric_column_name>,
to_timestamp_tz(EntityRowN<row>.DATA<col>, 'YYYY-MM-DD HH24:MI:SS TZH:TZM') <date_column_name>,
ent.CREATE_TIME,
ent.UPDATE_TIME,
ent.EXPIRY_TIME,
ent.RENEW_TIME
FROM
VT_ENTITY_DEF entDef,
VT_ENTITY_ONE ent
LEFT OUTER JOIN VT_ENTITY_ONE_PROFILE EntityRowN
ON (EntityRowN.ENTITY_ID = ent.ENTITY_ID
AND EntityRowN.ROW_ORDER = <row>
AND EntityRowN.EXPIRE_TIME IS NULL)
LEFT OUTER JOIN VT_ENTITY_ONE_PROFILE EntityRowN+1
ON (EntityRowN+1.ENTITY_ID = ent.ENTITY_ID
AND EntityRowN+1.ROW_ORDER = <row+1>
AND row1.EXPIRE_TIME IS NULL)
WHERE
ent.ENTITY_DEF_ID = entDef.ENTITY_DEF_ID and
entDef.ENTITY_DEF_KEY=<Entity Definition Key>
To discover transaction data mapping information that you will need to create your report, follow the procedures in this section.
To get entity data details you will need to construct your report, follow these steps:
Get list of transaction to entity definition mapping Ids using the following SQL:
SELECT map_id
FROM
vt_trx_ent_defs_map,
vt_trx_def
WHERE
vt_trx_ent_defs_map.trx_def_id = vt_trx_def.trx_def_id
AND vt_trx_def.trx_def_key =<Transaction Definition Key>
Use the following SQL query to get details of all transaction data fields, their data type and their row, column mapping:
SELECT label,
data_row,
data_col,
data_type
FROM vt_data_def_elem
WHERE status =1
AND data_def_id =
(SELECT data_def_id
FROM vt_data_def_map
WHERE relation_type ='data'
AND parent_obj_type =1
AND parent_object_id IN
(SELECT trx_def_id
FROM vt_trx_def
WHERE trx_def_key='mayo_pat_rec_acc'
AND status =1
)
)
ORDER BY data_row ASC,
data_col ASC;
Use the information from the previous section and build a SQL query that represents transaction data based on the following:
Note: It is recommended to build a view based on this Query so that it is easier to build reports
SELECT trx.LOG_ID,
trx.USER_ID,
trx.REQUEST_ID,
trx.EXT_TRX_ID,
trx.TRX_TYPE,
trx.STATUS,
trx.SCORE,
trx.RULE_ACTION,
trx.TRX_FLAG,
trx.POST_PROCESS_STATUS,
trx.POST_PROCESS_RESULT,
TxnDataRowN<row>.DATA<col> <data_column_name>,
(TxnDataRowN<row>.NUM_DATA<col>/ 1000.0) <numeric_column_name>,
to_timestamp_tz(TxnDataRowN<row>.DATA<col>, 'YYYY-MM-DD HH24:MI:SS TZH:TZM') <date_column_name>,
(SELECT entTrxMap.MAP_OBJ_ID
FROM VT_ENT_TRX_MAP entTrxMap
WHERE entTrxMap.DEF_MAP_ID = <Transaction to Entity Mapping Id of Entity1_Name>
AND entTrxMap.TRX_ID = trx.LOG_ID
) <EntityN_Name>,
(SELECT entTrxMap.MAP_OBJ_ID
FROM VT_ENT_TRX_MAP entTrxMap
WHERE entTrxMap.DEF_MAP_ID = <Transaction to Entity Mapping Id of Entity2_Name>
AND entTrxMap.TRX_ID = trx.LOG_ID
) <EntityN+1_Name>,
trx.CREATE_TIME,
trx.UPDATE_TIME,
TRUNC(trx.create_time, 'HH24') created_hour,
TRUNC(trx.create_time, 'DDD') created_day,
TRUNC(trx.create_time, 'DAY') created_week,
TRUNC(trx.create_time, 'MM') created_month,
TRUNC(trx.create_time, 'YYYY') created_year
FROM VT_TRX_DEF trxDef,
VT_TRX_LOGS trx
LEFT OUTER JOIN VT_TRX_DATA TransactionDataRowN
ON (TransactionDataRowN.TRX_ID = trx.LOG_ID
AND TransactionDataRowN.ROW_ORDER = <rowN>)
LEFT OUTER JOIN VT_TRX_DATA TransactionDataRowN+1
ON (TransactionDataRowN+1.TRX_ID = trx.LOG_ID
AND TransactionDataRowN+1.ROW_ORDER = <rowN+1>)
WHERE trx.TRX_DEF_ID = trxDef.TRX_DEF_ID and
trxDef.TRX_DEF_KEY=<Transaction Definition Key>
Follow the instructions in this section to build reports for entities and transactions.
Use the SQL Queries or Views built using the information mentioned in Section 25.9.2.3, "Build Entity Data SQL Queries and Views."
Use the SQL Queries or Views built using the information mentioned in Section 25.9.3.2, "Build Transaction Data SQL Queries and Views."
In release 11g, BI Publisher supports two types of translation:
Catalog Translation
Template (or layout) Translation
Catalog translation enables the extraction of translatable strings from all objects contained in a selected catalog folder into a single translation file; this file can then be translated and uploaded back to BI Publisher and assigned the appropriate language code.
Catalog translation extracts not only translatable strings from the report layouts, but also the user interface strings that are displayed to users, such as catalog object descriptions, report parameter names, and data display names.
Users viewing the catalog will see the item translations appropriate for the user interface Language they selected in their My Account preferences. Users will see report translations appropriate for the Report Locale they selected in their My Account preferences.
Template translation enables the extraction of the translatable strings from a single RTF-based template (including sub templates and style templates) or a single BI Publisher layout template (.xpt file). Use this option when you only need the final report documents translated. For example, your enterprise requires translated invoices to send to German and Japanese customers.
For information describing the process of downloading and uploading translation files, refer to the "Adding Translations for the BI Publisher Catalog and Reports" of the Oracle Fusion Middleware Administrator's and Developer's Guide for Oracle Business Intelligence Publisher.
The following section provides a scenario of how Oracle Adaptive Access Manager's reports are used.
You are Marty, a business analyst for Acme Corp. You have been asked to gather some aggregate data on the impact to customers by the Oracle Adaptive Access Manager security system.
Directions: Run the KBA challenge statistics report and rules aggregate breakdown report. Also run the recent logins report, filtering for sessions that resulted in a block. Run all the reports with XLS output so you can share the results with your business unit.
This use case demonstrates how to use BI Publisher reports.
Log in to the BI Publisher as an Analyst.
Select OAAM under Shared Folders.
Under oaam folder, select oradb.
Locate the report to run.
Under the Common folder, click RecentLogins to view the RecentLogins report.
Under the KBA folder, click ChallengeStatistics to view the Challenge Statistics report.
Under the KBA folder, click QuestionStatistics to view the QuestionStatistics report
Under the Security folder, click RulesBreakdown to view the RulesBreakdown report.
For the RecentLogins report, select Blocked in Auth Status as a search criteria.
Repeat the following steps for each report.
Click View.
In Template menu, select Excel2000 and click Export.
The LoginSummary displays login aggregate summary for the designated date range.
Log in to Oracle BI Publisher using a URL of the form:
http://host.domain.com:port/xmlpserver/
On the main page, click OAAM under Shared Folders and then oradb.
Under the Security folder, click LoginSummary to view the LoginSummary report.
The Login Summary Report opens with the default time range of one month.
The summary graph shows the following:
The count of sessions
The count of users
The count of registrations
The count of blocks
Save or export the report as desired.
|
 Copyright © 2010, 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|