Oracle Access Manager enables you to use Oracle BI Publisher as the reporting solution for Oracle Access Management services. Access Manager provides a restricted-use license for Oracle BI Publisher and easy-to-use reporting packages.
This chapter contains the following sections.
Note:
For large-scale deployments, it is recommended that you deploy a dedicated enterprise-class reporting solution. A solution based on tools such as Oracle Business Intelligence Enterprise Edition can provide the flexibility, automation, and performance required for a large-scale organizations.Oracle Access Management integrates with Oracle Business Intelligence Publisher, which provides a pre-defined set of compliance reports. The data in the database audit store is exposed through pre-defined reports in Oracle Business Intelligence Publisher. These reports allow you to drill down the audit data based on various criteria, such as user name, time range, application type, and execution context identifier (ECID).
Out-of-the-box, there are several sample audit reports available with Oracle Access Management and accessible with Oracle Business Intelligence Publisher. You can also use Oracle Business Intelligence Publisher to create your own custom reports.
Oracle BI Enterprise Edition (Oracle BI EE) is a comprehensive set of enterprise business intelligence tools and infrastructure, including a scalable and efficient query and analysis server, an ad-hoc query and analysis tool, interactive dashboards, proactive intelligence and alerts, real-time predictive intelligence, and an enterprise reporting engine. Oracle BI EE is designed to bring greater business visibility and insight to a wide variety of users.
The components of Oracle Business Intelligence Enterprise Edition share a common service-oriented architecture, data access services, analytic and calculation infrastructure, metadata management services, semantic business model, security model and user preferences, and administration tools. Oracle Business Intelligence Enterprise Edition provides scalability and performance with data-source specific optimized analysis generation, optimized data access, advanced calculation, intelligent caching services, and clustering. The following are Oracle Access Management reporting features:
Select and view reports from a predefined list in the BI Publisher.
Filter report information.
View reports on-screen in the desired format.
Provide interactive reports.
To access Access Manager Reports, you must start BI Publisher and run them. BI Publisher cannot be accessed through the Access Manager Console. You must open BI publisher explicitly to access Access Manager reports.
Navigate to Start, Oracle BI Publisher Desktop, Oracle - BIPHome10134 and click Start BI Publisher.
The Oracle BI Publisher Home page appears.
Enter the user name and password.
Click Sign In.
Start Access Manager Reports.
See "Accessing Oracle Access Management Reports" for more information.
Click the more... link under Shared Folders.
Click Access Manager Reports to access the reports.
Alternately, click the more... link under Access Manager Reports. The resulting page displays the Access Manager Reports classified according to functional area.
Select the report to view by clicking its name.
Click View.
The Report Input Parameters page displays the input parameters that must be provided to run a report. The parameters act as filter criteria. In some cases, at least one or more fields are mandatory while some reports do not require any input parameters. If you leave the input parameter field blank and click View, all the information associated with the report is displayed.
Enter the required parameters, if any.
Click View to run the report.
The report is displayed.
All BI Publisher reports are generated in a native XML format. This XML can be transformed into other output formats. The following formats are supported:
HTML
RTF
MHTML
Access Manager Reports are classified based on functional area. For example, Access Policy Reports, Attestation, Request and Approval Reports and Password Policy Reports are available. (It is no longer named Operational and Historical.) Oracle Access Manager Reports are classified into the following categories based on their functional areas:
The Accounts_Locked_Out Report is the account management report that allows administrators to view details about accounts that have been locked out.
Authentication reports allow administrators to view details regarding user authentications. They include:
This report contains details regarding failed and successful authentications.
This report contains details regarding failed and successful authentications from a particular IP address.
This report contains details regarding failed and successful authentications from this IP address.
This report contains details regarding failed and successful authentications from a particular server instance.
Error and exception reports allow administrators to view errors and exceptions logged during the authentication process. They include:
This report contains details regarding errors and exceptions encountered during runtime.
Table 9-6 All Errors and Exceptions Report Fields
| Field | Description |
|---|---|
|
User ID |
Identifier of the locked out user |
|
Timestamp |
Time stamp of the lockout |
|
Component/Application Name |
Component from which the user has been locked out |
|
Client IP Address |
IP address of the client |
|
Message Event |
The error or exception |
|
Event Details |
Information regarding the error or exception |
This report contains details regarding failed and successful authentications.
Table 9-7 Authentication Failures Report Fields
| Field | Description |
|---|---|
|
User ID |
Identifier of the locked out user |
|
Timestamp |
Time stamp of the lockout |
|
Component/Application Name |
Component from which the user has been locked out |
|
Client IP Address |
IP address of the client |
|
Authentication Method |
Authentication method |
|
Message Event Details |
Message regarding the failed authentication |
|
Authorization_Failures |
Authorization failure |
There are no fields to define in this report.
This report contains details regarding failed and successful authentications.
Table 9-8 Authentication History Report Fields
| Field | Description |
|---|---|
|
User ID |
Identifier of the locked out user |
|
Timestamp |
Time stamp of the lockout |
|
Component/Application Name |
Component from which the user has been locked out |
|
Client IP Address |
IP address of the client |
|
Authentication Method |
Authentication method |
|
Message Event Details |
Message regarding the failed authentication |
|
Authorization_Failures |
Authorization failure |
This report contains details regarding failed and successful authorizations.
Table 9-9 Authorization History Report Fields
| Field | Description |
|---|---|
|
User ID |
Identifier of the locked out user |
|
Timestamp |
Time stamp of the lockout |
|
Component/Application Name |
Component from which the user has been locked out |
|
Client IP Address |
IP address of the client |
|
Authentication Method |
Authentication method |
|
Message Event Details |
Message regarding the failed authentication |
|
Authorization_Failures |
Authorization failure |
Access Manager supports the creation of reports by using third-party tools such as Crystal Reports. To learn how to create reports by using third-party software, see the third-party software documentation. Additional information on the audit schema and creating custom reports can be found in the Oracle Fusion Middleware Application Security Guide.
is there content for this?