In OCI (Gen 2) environments, creates an audit report that lists the changes made to predefined and application role assignments over a period of time corresponding to the audit data retention period specified for your environment. The default retention period is 30 days. You can extend it to a maximum of 90 days by changing the Audit Retention Period (days) setting in the Oracle Cloud Identity Console. To retain the audit data for duration longer than 90 days, periodically download and archive this report and the Invalid Login Report.

The Role Assignment Audit Report lists the User Login Name for which a role change (in Action column) was made. It also includes the role that was assigned or unassigned, the user who performed the role change (Administrator column), and the timestamp (UTC) in 24-hour format when the action was completed.

Sample Role Assignment Audit report

Information on deleted users who were previously assigned to predefined roles in the environment is listed with the display name (first and last name) of the user in the User Name column. In such cases, the Role column indicates the predefined role that the user had before the user's account was deleted. This change does not apply to application roles, if any, that was assigned to the deleted user; such assignments are shown with the User Login Name of the user. For an example, see the information in the red box in the following illustration.

Sample Role Assignment Audit report

Applies to

Planning, Planning Modules, FreeForm, Financial Consolidation and Close, Tax Reporting, Account Reconciliation, Profitability and Cost Management, Enterprise Profitability and Cost Management,Oracle Enterprise Data Management Cloud, Narrative Reporting, Strategic Workforce Planning, and Sales Planning.

Required Roles

Service Administrator, or Identity Domain Administrator and any predefined role (Service Administrator, Power User, User, or Viewer)


epmAutomate roleAssignmentAuditReport FROM_DATE TO_DATE FILE_NAME.CSV, where:

  • FROM_DATE indicates the start date (in YYYY-MM-DD format) of the period for which the report is to be generated. This date must fall within the audit retention period specified in the Oracle Cloud Identity Console.
  • TO_DATE indicates the end date (in YYYY-MM-DD format) of the period for which the report is to be generated.
  • FILE_NAME is the name of a CSV file for the report. You can download the generated report using the downloadFile command.


epmAutomate roleAssignmentAuditReport 2021-06-01 2021-07-30 RoleAuditReport.CSV