Impersonation Audit
Users can temporarily designate other users to impersonate their profiles and perform application tasks on their behalf. Let’s understand how the tasks that an impersonator does in the application, are audited.
Here are a few things to know about impersonation auditing:
- Impersonation auditing is controlled using the Audit Impersonation Transaction Enabled profile option. By default, it’s enabled and the profile value is set to Yes. To disable it, set the profile value to No.
- Even when auditing is disabled for an application, impersonation auditing remains active.
- At runtime, the audit setup tracks and stores information about attributes, even when auditing isn't enabled for the attributes.
- While viewing audit history, users can retrieve the audited information, filtered by an impersonated user.
Impersonation auditing is limited in scope and applies only to the business objects in
the Manage Audit Policies task.
| Impersonation Auditing Enabled? | What an Impersonator can do |
|---|---|
| Yes | Impersonator can update only the business objects in the Manage Audit Policies task. This is because, impersonation auditing information can be fully captured only for these business objects. |
| No |
Impersonator can update business objects that aren't part of the Manage Audit Policies tasks also. Caution: Even if impersonation
auditing is disabled, impersonation information is still
captured in the audit tables. But, if there's no corresponding
audit table for the base table, then the activities are audited
as if the actual user performed them.
|