Bookshelf Home | Contents | Index | PDF     

Implementation Guide for Oracle Billing Insight > Reporting on Audit Data >

Reporting on User Audit Data

Oracle Billing Insight audits some enrollment user actions performed in the Self-Service application.

Oracle Billing Insight audits the following actions that occur when creating users:

  • A business administrator creates another business user's account.
  • A consumer user creates his or her own account.
  • The default agent administrator creates another agent administrator account.
  • An agent administrator creates an agent user's account.
  • An agent administrator creates another business administrator's account.
  • An agent user (administrator or agent) impersonates a business administrator creating another business user's account.

Oracle Billing Insight audits the following actions that occur when enrolling users:

  • A user enrolls.
  • An agent user (administrator or agent) enrolls.

Oracle Billing Insight audits the following actions that occur when updating user profiles:

  • A user updates his or her own user access information.
  • A user updates his or her own notification settings.
  • A business user (administrator or manager) updates another business user's user access information.
  • An agent user (administrator or agent) updates his or her own user access information.
  • An agent administrator updates another agent user's user access information.
  • An agent (administrator or agent) updates another business user's user access information.
  • An agent (administrator or agent) updates the following by impersonation:
    • His or her own notification settings.
    • His or her own user access information.
    • A business user (administrator or manager) updates another business user's user access information.
  • A user or agent user enrolls to complete the reactivation process after clicking the URL in an email notification.
  • A user or agent user resets his or her forgotten password.
  • A migrated user or agent user creates a new HIPPA-compliant password after clicking the URL in the email notification.
  • A user or agent user updates his or her own expired password.

Oracle Billing Insight audits the following actions that occur when deleting users:

  • A business administrator user deletes another business user's account.
  • An agent user (administrator or agent) deletes a user's account.
  • An agent administrator deletes another agent user's account.
  • An agent user (administrator or agent) impersonates a business administrator user deleting another business user's account.

Oracle Billing Insight audits the following actions that occur when logging in and out:

  • A user logs in.
  • An agent user (administrator or agent) logs in.
  • An agentuser (administrator or agent) impersonates a business or consumer user logging in or out.
  • A business, consumer, or agent user fails to log in.
  • An agent administrator reactivates a locked-out account.

You can report on the audit data for each user role, including the user who performed the action, the date and time, IP address, and various attributes. For details about payment audit data, see About Payment Auditing. For information about database auditing, see Identifying the Installed Version of Oracle Billing Insight.

You can create customized reports on the audited user enrollment data. Oracle Billing Insight stores audit data for user enrollment activities in the EDX_UMF_USER_AUDIT table. Table 116 describes the EDX_UMF_USER_AUDIT table:

Table 116. EDX_UMF_USER_AUDIT Table
Column Name
Description

ID

A unique ID assigned to the each occurrence of a user enrollment event, generated automatically by sequence.

USER_ID

The ID of the user who performed the action, either on his or her own account or on another user's account.

ACTION

The ID indicating the type of user action. (Action type IDs are defined in the EDX_UMF_USER_ACTION_TYPE table.)

ACTION_DATE

The date of the user action.

TARGET_USER_ID

The ID of the target user. If the user performed the action on his or her own account (the target user is the same as the USER_ID), then the value in this column is null.

USER_ROLE

The role of the user who performed the action.

NOTES

The reason for locking an account: Incorrect Login, Reset Password, Security Question, or Account Expired. (User account reactivation only.)

ATTRIBUTES

The changed attribute.

IP_ADDRESS

The IP address of the user who accessed the Self-Service application.

Table 117 Describes the user action type table, EDX_UMF_USER_ACTION_TYPE:

Table 117. Definition of the EDX_UMF_USER_ACTION_TYPE Table
Column Name
Description

ID

ID associated with the user action type.

TYPE

User action type.

RESOURCE_KEY

Key for the language resource bundle.

Table 118 shows the ID associated with each type of user action. These associations are stored in the EDX_UMF_USER_ACTION_TYPE Table:

Table 118. ID of User Action Types Stored in the EDX_UMF_USER_ACTION_TYPE Table
ID
User Action Type

1

Reactivate

2

Impersonate-login

3

Impersonate-logout

4

Login

5

Logout

6

Update user profile

7

Update notifications

9

Reset password

10

Create user

13

Enroll user

16

Delete user

17

Login failure

Table 119 shows the user action type recorded in the EDX_UMF_USER_AUDIT table for each user enrollment activity in Oracle Billing Insight.

Table 119. User Action Types Used for Each User Enrollment Activity
User Action Type ID and Description
Associated User Enrollment Activities
Valid Attributes

1 - Reactivate

An agent administrator reactivates a locked-out account.

Password

2-Impersonate-login

An agent user (administrator or agent) impersonates a business or consumer user logging in.

Null

3-Impersonate- logout

An agent user (administrator or agent) impersonates a business or consumer user logging out.

Null

4-Login

A business, consumer, or agent user logs in.

Null

5-Logout

A business, consumer, or agent user logs in.

Null

6 - Update user profile

A business, consumer, or agent user updates his or her own user access information.

One of the following:

  • One or more of the following: First name, last name, and email address
  • Password
  • Security question and answer

6 - Update user profile

A business user (administrator or manager) updates another business user's access information.

One of the following:

  • One or more of the following: First name, last name, and email address
  • Role

6 - Update user profile

An agent administrator updates another agent user's access information.

One of the following:

  • One or more of the following: First name, last name, and email address
  • Role

6 - Update user profile

An agent user (administrator or CSR) updates a business or consumer user's access information by impersonation.

One of the following:

  • One or more of the following: First name, last name, and email address
  • Role

6 - Update user profile

A migrated business, consumer, or agent user creates a new HIPPA-compliant password.

Null

6 - Update user profile

A business, consumer, or agent user updates his or her own expired password.

Password

7 - Update notifications
  • A business or consumer user updates his or her own notification settings.
  • An agent user (administrator or agent) updates a business or consumer user's notifications by impersonation.

Notifications

9 - Reset password

A business, consumer, or agent user resets his or her forgotten password.

Password

10 - Create user
  • A business administrator creates another business user's account.
  • A consumer user creates his or her own account.
  • The default agent administrator creates another agent administrator account.
  • An agent administrator creates another agent user's account.
  • An agent administrator creates a business administrator's account.
  • An agent administrator or user creates a business user's account while impersonating a business administrator.

Null

13 - Enroll user
  • A business or consumer user enrolls.
  • An agent user (administrator or agent) enrolls.
  • A migrated business, consumer, or agent user creates a new HIPPA-compliant password.

Null

 
  • A business, consumer, or agent user enrolls to complete the reactivation process after clicking the URL in an email notification.

Security Question and Answer

16 - Delete user
  • A business administrator user deletes another business user's account.
  • An agent user (administrator or agent) deletes a business or consumer user's account by impersonation.
  • An agent administrator deletes another agent user's account.

Null

17 - Login failure

A business, consumer, or agent user login fails.

Null

    
Implementation Guide for Oracle Billing Insight Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Legal Notices.