1. Using Oracle Data Safe
  2. User Assessment
  3. Analyze Potential Risk by Using the User Assessment Dashboard
  4. A First Look at the User Assessment Dashboard
  5. Risk Summary, Target Summary, and Notifications Tables

Risk Summary, Target Summary, and Notifications Tables

The dashboard provides three tables – Risk Summary, Target Summary, and Notifications.

The Risk Summary Table

The Risk Summary focuses on potential risk levels, where the potential risks were found, the number of users at each potential risk level and the roles held by the total number of users at each potential risk level.


Description of png-user-assessment-risk-summary.png follows
Description of the illustration png-user-assessment-risk-summary.png

In the Potential Risk column, click on a potential risk level to view the users with that potential risk level from all target databases in the selected scope. For example, click Critical to view all users marked as Critical.

If a user is in the Critical or High potential risk category, this does not mean that the user has performed any inappropriate actions. It means the user has privileges that include access to important database functionality and that in the findings identified by the assessment, the need for such access should be confirmed.

The chart under Potential Critical Risks shows the roles held among the body of users considered to be potential critical risks as well as the most recent logins and password changes among these users. Clicking on a segment of any chart will automatically filter the Details below accordingly. To clear the filter either click outside of a chart or clear the filter in the Details section.


Description of png-user-assessment-critical-risk.png follows
Description of the illustration png-user-assessment-critical-risk.png

Important:

A malicious actor who acquires access to a user account that is rated as a High or Critical potential risk can have a devastating impact on a database and its data. The actions of highly privileged users should be audited. Their privileges and role grants should be validated.

The Details table below the charts provides more details on each user. It identifies the database where the user account exists, whether the user is highly privileged or not, what roles they hold, the potential risk level assigned to this finding, current status of the finding, and last login for the user.


Description of png-user-assessment-risk-details.png follows
Description of the illustration png-user-assessment-risk-details.png

Click on the User Name to get additional details about the user including the roles and privileges granted to the user. For example:


Description of png-user-assessment-user-details.png follows
Description of the illustration png-user-assessment-user-details.png

From the Risk Summary tab, click the Target Summary tab to shift the focus to each target database, including the findings from the most recent assessment of that database. Oracle Data Safe generates a report for each target database included in an assessment. For any of the target databases listed you can click View Report to see the details.


Description of png-user-assessment-target-summary.png follows
Description of the illustration png-user-assessment-target-summary.png

Notifications

The Notifications tab shows you what event notifications and subscriptions you have created for User assessment. More specifically, it displays the event, rule name, topic name, and when the event notification was created. This table will only show Events that you have created directly within Data Safe. In addition to displaying existing event notifications, you can also create new notifications by using the Create notification button. See Creating Event Notifications for User Assessment for more information.