Implementation Guide for Oracle Billing Insight > Reporting on Audit Data >
Reporting on User Audit Data
Oracle Billing Insight audits some enrollment user actions performed in the Self-Service application. Oracle Billing Insight audits the following actions that occur when creating users:
- A business administrator creates another business user's account.
- A consumer user creates his or her own account.
- The default agent administrator creates another agent administrator account.
- An agent administrator creates an agent user's account.
- An agent administrator creates another business administrator's account.
- An agent user (administrator or agent) impersonates a business administrator creating another business user's account.
Oracle Billing Insight audits the following actions that occur when enrolling users:
- A user enrolls.
- An agent user (administrator or agent) enrolls.
Oracle Billing Insight audits the following actions that occur when updating user profiles:
- A user updates his or her own user access information.
- A user updates his or her own notification settings.
- A business user (administrator or manager) updates another business user's user access information.
- An agent user (administrator or agent) updates his or her own user access information.
- An agent administrator updates another agent user's user access information.
- An agent (administrator or agent) updates another business user's user access information.
- An agent (administrator or agent) updates the following by impersonation:
- His or her own notification settings.
- His or her own user access information.
- A business user (administrator or manager) updates another business user's user access information.
- A user or agent user enrolls to complete the reactivation process after clicking the URL in an email notification.
- A user or agent user resets his or her forgotten password.
- A migrated user or agent user creates a new HIPPA-compliant password after clicking the URL in the email notification.
- A user or agent user updates his or her own expired password.
Oracle Billing Insight audits the following actions that occur when deleting users:
- A business administrator user deletes another business user's account.
- An agent user (administrator or agent) deletes a user's account.
- An agent administrator deletes another agent user's account.
- An agent user (administrator or agent) impersonates a business administrator user deleting another business user's account.
Oracle Billing Insight audits the following actions that occur when logging in and out:
- A user logs in.
- An agent user (administrator or agent) logs in.
- An agentuser (administrator or agent) impersonates a business or consumer user logging in or out.
- A business, consumer, or agent user fails to log in.
- An agent administrator reactivates a locked-out account.
You can report on the audit data for each user role, including the user who performed the action, the date and time, IP address, and various attributes. For details about payment audit data, see About Payment Auditing. For information about database auditing, see Identifying the Installed Version of Oracle Billing Insight. You can create customized reports on the audited user enrollment data. Oracle Billing Insight stores audit data for user enrollment activities in the EDX_UMF_USER_AUDIT table. Table 116 describes the EDX_UMF_USER_AUDIT table:
Table 116. EDX_UMF_USER_AUDIT Table
|
|
ID |
A unique ID assigned to the each occurrence of a user enrollment event, generated automatically by sequence. |
USER_ID |
The ID of the user who performed the action, either on his or her own account or on another user's account. |
ACTION |
The ID indicating the type of user action. (Action type IDs are defined in the EDX_UMF_USER_ACTION_TYPE table.) |
ACTION_DATE |
The date of the user action. |
TARGET_USER_ID |
The ID of the target user. If the user performed the action on his or her own account (the target user is the same as the USER_ID), then the value in this column is null. |
USER_ROLE |
The role of the user who performed the action. |
NOTES |
The reason for locking an account: Incorrect Login, Reset Password, Security Question, or Account Expired. (User account reactivation only.) |
ATTRIBUTES |
The changed attribute. |
IP_ADDRESS |
The IP address of the user who accessed the Self-Service application. |
Table 117 Describes the user action type table, EDX_UMF_USER_ACTION_TYPE:
Table 117. Definition of the EDX_UMF_USER_ACTION_TYPE Table
|
|
ID |
ID associated with the user action type. |
TYPE |
User action type. |
RESOURCE_KEY |
Key for the language resource bundle. |
Table 118 shows the ID associated with each type of user action. These associations are stored in the EDX_UMF_USER_ACTION_TYPE Table:
Table 118. ID of User Action Types Stored in the EDX_UMF_USER_ACTION_TYPE Table
|
|
1 |
Reactivate |
2 |
Impersonate-login |
3 |
Impersonate-logout |
4 |
Login |
5 |
Logout |
6 |
Update user profile |
7 |
Update notifications |
9 |
Reset password |
10 |
Create user |
13 |
Enroll user |
16 |
Delete user |
17 |
Login failure |
Table 119 shows the user action type recorded in the EDX_UMF_USER_AUDIT table for each user enrollment activity in Oracle Billing Insight.
Table 119. User Action Types Used for Each User Enrollment Activity
User Action Type ID and Description |
Associated User Enrollment Activities |
|
1 - Reactivate |
An agent administrator reactivates a locked-out account. |
Password |
2-Impersonate-login |
An agent user (administrator or agent) impersonates a business or consumer user logging in. |
Null |
3-Impersonate- logout |
An agent user (administrator or agent) impersonates a business or consumer user logging out. |
Null |
4-Login |
A business, consumer, or agent user logs in. |
Null |
5-Logout |
A business, consumer, or agent user logs in. |
Null |
6 - Update user profile |
A business, consumer, or agent user updates his or her own user access information. |
One of the following:
- One or more of the following: First name, last name, and email address
- Password
- Security question and answer
|
6 - Update user profile |
A business user (administrator or manager) updates another business user's access information. |
One of the following:
- One or more of the following: First name, last name, and email address
- Role
|
6 - Update user profile |
An agent administrator updates another agent user's access information. |
One of the following:
- One or more of the following: First name, last name, and email address
- Role
|
6 - Update user profile |
An agent user (administrator or CSR) updates a business or consumer user's access information by impersonation. |
One of the following:
- One or more of the following: First name, last name, and email address
- Role
|
6 - Update user profile |
A migrated business, consumer, or agent user creates a new HIPPA-compliant password. |
Null |
6 - Update user profile |
A business, consumer, or agent user updates his or her own expired password. |
Password |
7 - Update notifications |
- A business or consumer user updates his or her own notification settings.
- An agent user (administrator or agent) updates a business or consumer user's notifications by impersonation.
|
Notifications |
9 - Reset password |
A business, consumer, or agent user resets his or her forgotten password. |
Password |
10 - Create user |
- A business administrator creates another business user's account.
- A consumer user creates his or her own account.
- The default agent administrator creates another agent administrator account.
- An agent administrator creates another agent user's account.
- An agent administrator creates a business administrator's account.
- An agent administrator or user creates a business user's account while impersonating a business administrator.
|
Null |
13 - Enroll user |
- A business or consumer user enrolls.
- An agent user (administrator or agent) enrolls.
- A migrated business, consumer, or agent user creates a new HIPPA-compliant password.
|
Null |
|
- A business, consumer, or agent user enrolls to complete the reactivation process after clicking the URL in an email notification.
|
Security Question and Answer |
16 - Delete user |
- A business administrator user deletes another business user's account.
- An agent user (administrator or agent) deletes a business or consumer user's account by impersonation.
- An agent administrator deletes another agent user's account.
|
Null |
17 - Login failure |
A business, consumer, or agent user login fails. |
Null |
|