View and Analyze User Assessments and Assessment History

There are several ways to view user assessments for your target databases. The latest assessment for a target database is always available from the Target summary tab.

View the Latest User Assessment for a Target Database

  1. On the User assessment landing page, select the Target summary tab.
  2. Next to Applied filters, select the compartment that contains the target database for which you want to view the latest assessment. You can access only compartments and target databases within compartments for which you have privileges.
  3. In the table, select the name of the latest assessment for your target database.
  4. On the Details tab, view general, target database, and baseline information about the assessment.
  5. On the Overview tab, gain a high-level perspective of the potential user risks on your target databases by viewing the following charts:
    • Potential user risk
    • User roles
    • Top 5 users by schema access
    • Last login
    • Last password change
    • Password expiry date
  6. Select the Assessment details tab to view details about individual users.
    • To view user profile details for a user, select the name of the user profile.
    • To view audit records for a user, select the View activity link. The All Activity Report opens.
    • Select the three dots on a user's row, and then select View roles and privileges or View schema list.
  7. Select the Compare with baseline tab to view a report that compares the latest user assessment with a baseline user assessment.
  8. Select the User profiles tab to view configuration information about each profile on the target database.

View a User Assessment Across Target Database Groups

User Assessment helps you identify and analyze potential user risks across all target database groups and provides recommendations.

  1. On the User assessment landing page, select the Target group summary tab.
  2. Next to Applied filters, select the compartments that contain the target databases that you want to analyze.
    • To review the overall security posture of your tenancy, set the scope to root with its child compartments. You can also set the scope to focus on a specific compartment of interest.
    • Within the selected scope, your view is determined by the privileges your account has been granted in OCI.
  3. View counts for critical and high risk levels, DBAs, DV admins, Audit admins, and Last assessed time.
  4. To view details for a particular target database group, select the target database group name.
    • The Details tab shows you general information and target database group information.
    • The Overview tab shows you the Potential user risk, User roles, Last password change, and Last login charts.
    • The Assessment details tab shows you details about each user; for example, the database user account name, target database name, user type, and so on.
    • The Tags tab lets you manage create and manage Oracle Cloud Infrastructure tags.

View Roles and Privileges for a User

User Assessment provides you with the ability to view details about the roles and privileges granted to a user.

  1. Open the latest user assessment for your target database.
  2. Select the Assessment details tab.
  3. View the DBA, DV admin, and Audit admin columns to learn if the user has one or more of those roles.
  4. To view more information about a user's roles and privileges, select the three dots at the end of the user's row, and select View roles and privileges.

View Schema Access Details for a User

User Assessment provides you with the ability to view details about the schemas that a user has access to.

  1. Open the latest user assessment for your target database.
  2. Select the Assessment details tab.
  3. View the Schema access column for the users.
  4. To view more information about the schemas, select the three dots at the end of a row, and select View schema list. The Schema list panel opens and shows the following information:
    • User name
    • User type
    • Potential risk
    • List of schema names
  5. To view more information about a schema, select the three dots for a schema name in the table, and then select Schema details. The Schema details panel opens and shows the following information:
    • Schema name
    • User name
    • Target database
    • A table with the following columns: Table name, sensitive, Access type, Privilege, Privilege type, Access through object, Grant from role, Table privilege grantable, Column name, and Table access constrained by.
  6. To view the table list, at the end of a row, select the three dots at the end of a row in the table, and then select View table list. The Table list panel opens and shows the following information:
    • Schema
    • User name
    • Sensitive
    • Access type
    • Privilege
    • Privilege type
    • List of tables
  7. To view the access path per role, select the three dots at the end of a row in the table, and then select View access path per role. The Access path per role panel opens and shows the following information:
    • User name
    • Table name
    • Privilege type
    • Privilege
    • Target database
    • Grant from role
    • The access path - expand the items to view the path
  8. To exit, select Close until all the panels are closed.

View Assessment History for Target Databases

The Assessment History in User Assessment lets you view all the auto-generated and saved user assessments for your target databases. From here, you can also open individual assessments.

  1. On the left navigation pane, under User assessment, select Assessment history.
  2. Next to Applied filters, select the compartment that contains your target databases.
  3. Next to Applied filters, configure a custom time period or select a preconfigured one. By default, data for the past week is automatically displayed.
  4. (Optional) Select the Search and Filter box and create a filter on target database, baseline, critical, high risk, DBA, or DV Admin to narrow the list of target databases.
  5. View the results in the table. Each line shows metadata for an assessment and high-level statistics.
    • Target database
    • Assessment name
    • Baseline (yes or No baseline set)
    • Created (timestamp) - For a baseline assessment, the date and time represents when the first baseline was set for any target in the current compartment. It's not necessarily the date and time the target-specific baseline you are viewing was created.
    • Status
    • Number of potential critical and high risk users, DBAs, DV admins, and Audit admins
  6. To sort the table based on a column, hover over a column heading, and then select the Sort Ascending or Sort Descending button.
  7. To filter the table based on a column, hover over a column heading, and then select the Filter button. A popup window appears. Configure a custom time range or select a preconfigured one.
  8. To open an assessment, select its name.
    • When viewing a saved assessment, you can set it as a baseline and download it as a report.

Generate and Download a Report of a User Assessment for a Target Database

You can generate and download a PDF or XLS report for the latest user assessment or baseline user assessment of a target database.

  1. Open the latest user assessment for a target database or a saved user assessment in the Assessment History.
  2. From the Actions menu, select Generate and download report. The Generate and download report panel opens.
  3. Select the Generate report tile. Select PDF or XLS as the report format, and then select Generate report.
  4. Select the Download Report tile. Select PDF or XLS as the report format, and then select Download report to save the report to your local computer.
  5. Select Cancel to close the panel.