User and Role Access Audit Report
The User and Role Access Audit Report provides details of the function and data security privileges granted to specified users or roles. This information is equivalent to the information that you can see for a user or role on the Security Console.
This report is based on data in the Applications Security tables, which you populate by running the Import User and Role Application Security Data process. To run the User and Role Access Audit Report:
-
In the Scheduled Processes work area, click Schedule New Process.
-
Search for and select the User and Role Access Audit Report process.
-
In the Process Details dialog box, set parameters and click Submit.
-
Click OK to close the confirmation message.
User and Role Access Audit Report Parameters
Population Type
Set this parameter to one of these values to run the report for one user, one role, multiple users, or all roles.
-
All roles
-
Multiple users
-
Role name
-
User name
User Name
Search for and select the user name of a single user.
This field is enabled only when Population Type is User name.
Role Name
Search for and select the name of a single aggregate privilege or data, job, abstract, or duty role.
This field is enabled only when Population Type is Role name.
From User Name Starting With
Enter one or more characters from the start of the first user name in a range of user names.
This field is enabled only when Population Type is Multiple users. It enables you to report on a subset of all users.
To User Name Starting With
Enter one or more characters from the start of the last user name in a range of user names.
This field is enabled only when Population Type is Multiple users. It enables you to report on a subset of all users.
User Role Name Starts With
Enter one or more characters from the start of a role name.
This field is enabled only when Population Type is Multiple users. It enables you to report on a subset of all users and roles.
Data Security Policies
Select Data Security Policies to view the data security report for any population. If you leave the option deselected, then only the function security report is generated.
Debug
Select Debug to include the role GUID in the report. The role GUID is used to troubleshoot. Select this option only when requested to do so by Oracle Support.
Viewing the Report Results
The report produces either one or two .zip files, depending on the parameters you select. When you select Data Security Policies, two .zip files are generated, one for data security policies and one for functional security policies in a hierarchical format.
The file names are in the following format: [FILE_PREFIX]_[PROCESS_ID]_[DATE]_[TIME]_[FILE_SUFFIX]. The file prefix depends on the specified Population Type value.
This table shows the file prefix values for each report type.
|
Report Type |
File Prefix |
|---|---|
|
User name |
USER_NAME |
|
Role name |
ROLE_NAME |
|
Multiple users |
MULTIPLE_USERS |
|
All roles |
ALL_ROLES |
This table shows the file suffix, file format, and file contents for each report type.
|
Report Type |
File Suffix |
File Format |
File Contents |
|---|---|---|---|
|
Any |
DataSec |
CSV |
Data security policies. The .zip file contains one file for all users or roles. The data security policies file is generated only when Data Security Policies is selected. Note: Extract the data security policies only when necessary, as generating
this report is time consuming.
|
|
Any |
Hierarchical |
CSV |
Functional security policies in a hierarchical format. The .zip file contains one file for each user or role. |
|
CSV |
CSV |
Functional security policies in a comma-separated, tabular format. |
The process also produces a .zip file containing a diagnostic log.
For example, if you report on a job role at 13.30 on 17 December 2015 with process ID 201547 and the Data Security Policies option selected, then the report files are:
-
ROLE_NAME_201547_12-17-2015_13-30-00_DataSec.zip
-
ROLE_NAME_201547_12-17-2015_13-30-00_Hierarchical.zip
-
Diagnostic.zip