7 Auditing

Auditing user activity provides accountability; it tracks what has been done, when, and by whom. Auditing is accomplished either through Oracle Fusion Middleware Framework, or through This chapter describes auditing in EDQ. It includes the following sections:

7.1 Using Oracle Fusion Middleware Audit Framework

Where EDQ is installed with an Oracle WebLogic Server domain, you can configure it to log audit events via the Oracle Fusion Middleware Audit Framework. For detailed information on the framework see "Introduction to Oracle Fusion Middleware Audit Service" in Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services.

To enable audit event logging:

  1. Open the Enterprise Manager 12c Fusion Middleware Control application.

    The path to this application is:

    http://[servername]:[weblogic server admin port, e.g. 7001]/em

  2. Navigate to the EDQ domain in the Target Navigation Tree on the left of the window.

  3. Right-click the domain and select Security > Audit Policy.

  4. Select "EDQ" in the Audit Component Name field.

  5. Select "Custom" in the Audit Level field.

  6. Select the categories to log, and the events within those categories.

  7. Click Apply, or Revert to abandon the changes.

7.1.1 Configuring the EDQ Events in Fusion Middleware Framework

Set the directory property in the audit.properties file to be any other directory (that exists), relative to your local config home.

For example, add the line:

directory = myAudits 

to your new file, where myAudits is a folder that exists at the same level as your new audit.properties file.

The EDQ event categories and types are as follows:

| Event Category | Event Types |
| --- | --- |
| Asset Transfer | Import Package |
| Case Management | Bulk Delete, Bulk Update, Bulk Assignment, Display Data edited, Export, Edit, Assignment updated, State changed, Comment added, Comment deleted, Comment edited, Attachment added, Attachment deleted |
| Case Management Admin | Case Source Added, Case Source Imported, Case Source Deleted, Permission Added, Permission Modified, Permission Deleted, Workflow Added, Workflow Imported, Workflow Deleted, Parameter Added, Parameter Modified, Parameter Deleted, Reception Action Added, Reception Action Modified, Reception Action Deleted, Reception Transition Added, Reception Transition Modified, Reception Transition Deleted, State Transition Added, State Transition Modified, State Transition Deleted, Workflow State Added, Workflow State Modified, Workflow State Deleted |
| Group Permission Management | Join group, Leave group, Leave all groups, Create group, Delete group, Change permissions |
| Launchpad Management | Extension Add, Extension Delete, Front Page Update |
| Object Management | Create, Update, Delete |
| User Management | Login, Logout, Password Change, Password Expire, User Blocked, User Blocked Temporarily, User Unblocked, User Created, User Updated, User Deleted, Security Configuration Updated |

The attributes that can be logged by events and the corresponding Custom Attribute Slot are listed in the following table. Please note that this is not a complete list.

| Event Attribute | Description | Custom Attribute Slot |
| --- | --- | --- |
| Affected user | The name of the user for the logged event. | IAU_STRING_001 |
| Login application | The name of the application that has been logged into. | IAU_STRING_002 |
| Project Name | The name of the project containing the affected object. This attribute is left blank for system-level objects. | IAU_STRING_003 |
| Item Type | The type of object created, modified or deleted. | IAU_STRING_004 |
| Item Name | The name of the object created, modified or deleted. | IAU_STRING_005 |
| Affected user | The name of the user affected by changes made by an administrator. | IAU_STRING_006 |
| Affected group | The name of the group affected by changes made by an administrator. | IAU_STRING_007 |
| Added Permissions | List of permissions added to a group. | IAU_LONGSTRING_001 |
| Removed Permissions | List of permissions removed from a group. | IAU_LONGSTRING_002 |

Custom attributes are stored in the iau_custom table. For more information, see "Audit Reporting with the Dynamic Metadata Model" in Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services. The generic attributes for the event are stored in the iau_common table. Both of these are in the IAU schema ([RCUPREFIX]_IAU).

Once enabled, EDQ audits events by calling the central Oracle Fusion Middleware Audit Framework APIs. The audit events can then be stored either as files or in a database for compliance reporting purposes. For more information on how to store and report on the results of auditing, see Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services.

7.2 Using Audit Logs on Disk

Where EDQ is installed in Apache Tomcat, or if you prefer not to use Oracle Fusion Middleware Audit Framework, audit logs can instead be written to files on disk.

To enable this, create a file named audit.properties in the local configuration directory and add the line:

enabled = true

You can then either create a directory named audit in your local configuration directory, or specify a path to an existing directory using the directory property in audit.properties. This path is specified relative to the local configuration directory.

7.2.1 Configuring the EDQ Events in Audit Logs on Disk

For more fine-grained control over the specific categories and events that are audited, you can turn certain categories off. To do so add lines of the following structure to audit.properties:

category.<category name>.enabled = false

You can then turn individual events for that category back on, or turn them off if the category has been left enabled, as follows:

category.<category name>.<event name>.enabled = <true/false>

Upon audit events being generated, they will be placed in per-category files within the configured audit directory. These files contain entries as comma-separated values with the first line containing column headers.
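
The following is an added example, not part of the Oracle documentation or EDQ itself: a small Python check that applies the enable and override rules from section 7.2.1 to an audit.properties file and reports which events on a reviewer's watchlist would not be logged. The page does not state how category and event names are spelled inside property keys; the constructed sample assumes the display names from the table in 7.1.1 with spaces backslash-escaped, and the watchlist is a hypothetical choice.

```python
# Added example: work out which events an audit.properties file leaves unaudited.
# Assumption: keys use the display names from the 7.1.1 table, spaces escaped as "\ ".

SAMPLE = r"""
# constructed sample, not taken from an EDQ installation
enabled = true
directory = myAudits
category.User\ Management.enabled = false
category.User\ Management.Login.enabled = true
category.Object\ Management.Delete.enabled = false
"""

def parse_properties(text):
    """Parse simple 'key = value' lines; '#' and '!' start comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Undo backslash-escaped spaces in the key (assumed spelling).
            props[key.strip().replace("\\ ", " ")] = value.strip()
    return props

def is_audited(props, category, event):
    """An event-level setting wins over the category setting; categories default to on."""
    def flag(key, default):
        return props.get(key, str(default)).lower() == "true"
    if not flag("enabled", False):  # disk logging is off unless 'enabled = true'
        return False
    category_on = flag(f"category.{category}.enabled", True)
    return flag(f"category.{category}.{event}.enabled", category_on)

def unaudited(props, watchlist):
    """Return the (category, event) pairs from watchlist that will not be logged."""
    return [pair for pair in watchlist if not is_audited(props, *pair)]

# Hypothetical watchlist of events a reviewer wants logged; names from the 7.1.1 table.
WATCHLIST = [
    ("User Management", "Login"),
    ("User Management", "Password Change"),
    ("User Management", "User Created"),
    ("Group Permission Management", "Change permissions"),
    ("Object Management", "Delete"),
]

if __name__ == "__main__":
    for category, event in unaudited(parse_properties(SAMPLE), WATCHLIST):
        print(f"NOT AUDITED: {category} / {event}")
```
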