Audit Policies
Auditing is used to monitor user activity and all configuration, security, and data changes that have been made to an application. Auditing involves recording and retrieving information pertaining to the creation, modification, and removal of business objects.
All actions performed on the business objects and the modified values are also recorded. The audit information is stored without any intervention of the user or any explicit user action.
Use audit policies to select specific business objects and attributes to be audited. The decision to create policies usually depends on the type of information to be audited and to the level of detail required for reporting.
Enabling Audit Functionality
For Oracle Applications Cloud, you must configure the business objects and select the attributes before enabling audit. If you enable audit without configuring the business objects, auditing remains inactive. By default, auditing is disabled for all applications. To enable and manage audit, ensure that you have a role with the assigned privilege Manage Audit Policies (FND_MANAGE_AUDIT_POLICIES_PRIV). For appropriate assignment of roles and privileges, check with your security administrator.
To enable auditing for Oracle Fusion Middleware products, select one of the levels at which auditing is required for that product. The audit levels are predefined and contain the metadata and events to be audited. For more information, see Audit Events for Oracle Applications Cloud Middleware (Doc ID 2114143.1) on My Oracle Support.
If you don't want an application to be audited, you can stop the audit process by setting the Audit Level option to None. Also, note that there's no specified retention period for the audited data or the logs. Follow your company policy for retaining or removing such data.