roleAssignmentAuditReport

Creates an audit report that lists the changes made to predefined and application role assignments over a period of time corresponding to the audit data retention period specified for your environment. The default retention period is 30 days. You can extend the retention of predefined role audit data to a maximum of 90 days by changing the Audit Data Retention Period (days) setting in the Oracle Cloud Identity Console. Application role audit data is available for a maximum of 120 days. To retain the audit data for longer durations, periodically download and archive this report and the Invalid Login Report.

The Role Assignment Audit Report lists the User Login Name, IDCS Group Name, or EPM Group Name for which a role change (in Action column) was made. It also includes the predefined or application role that was assigned or unassigned, the user who performed the role change (Performed By column), and the timestamp (UTC) in 24-hour format when the action was completed. The Type column indicates what Name column represents. It can have one of these three values: User (if the Name column identifies a login name of a user), IDCS Group (if the Name column displays an IDCS group name), or EPM Group (if the Name column lists an EPM group name).


Sample Role Assignment Audit report

Information on deleted users who were previously assigned to predefined roles in the environment is listed with the display name (first and last name) of the user in the Name column. In such cases, the Role column indicates the predefined role that the user had before the user's account was deleted. This change does not apply to application roles, if any, that was assigned to the deleted user; such assignments are shown with the User Login Name of the user. For an example, see the information in the red box in the following illustration.


Sample Role Assignment Audit report

Applies to

Planning, Planning Modules, FreeForm, Financial Consolidation and Close, Tax Reporting, Account Reconciliation, Profitability and Cost Management, Enterprise Profitability and Cost Management,Oracle Fusion Cloud Enterprise Data Management, Narrative Reporting, Strategic Workforce Planning, and Sales Planning.

Required Roles

  • Service Administrator
  • Any predefined role and the Identity Domain Administrator role
  • Any predefined role and the Access Control - Manage application role
  • Any predefined role and the Access Control - View application role

Usage

epmAutomate roleAssignmentAuditReport FROM_DATE TO_DATE FILE_NAME.CSV, where:

  • FROM_DATE indicates the start date (in YYYY-MM-DD format) of the period for which the report is to be generated.
  • TO_DATE indicates the end date (in YYYY-MM-DD format) of the period for which the report is to be generated.
  • FILE_NAME is the name of a CSV file for the report. You can download the generated report using the downloadFile command.

  • Note:

    Oracle Fusion Cloud Enterprise Performance Management ensures that only valid date range is used during report generation. These validations are performed for the from and to dates:
    • The FROM_DATE cannot be earlier than the allowed maximum retention period from the current date. This date must fall within the value of the Audit Data Retention Period (Days) setting in the Oracle Cloud Identity Console.
    • The TO_DATE cannot be later than the maximum retention period from the FROM_DATE date.
    • The TO_DATE cannot be earlier than the FROM_DATE.

Example

epmAutomate roleAssignmentAuditReport 2024-12-11 2025-01-09 RoleAuditReport.CSV