6Managing Audit Policies
Implementation Concepts for Audit Policies
This topic discusses audit configuration for business object attributes.
Audit enables tracking the change history of particular attributes of a business object. However, those objects and their attributes must be selected for audit and auditing must be enabled for that application. Your configuration settings determine which attributes to audit for a given object, and when the audit starts and ends. Auditing takes into account all the operations performed on an object and its attributes, such as create, update, and delete. To configure audit business object attributes, use the Manage Audit Policies task in the Setup and Maintenance work area.
Selecting an Application
To set up auditing, you must select a web application that contains the required business objects that can be audited. From the list of business objects, select those business objects that you want to audit. Selecting a business object also displays its attributes that are enabled for auditing.
Selecting Attributes
For each selected business object to be audited, select the corresponding attributes to include in the audit. All attributes that belong to that object are by default selected for audit and appear on the user interface. However, you can add or remove attributes from the list. When you remove an attribute from the list, you stop auditing it even when the parent object is selected for audit. So, if you want an attribute to be audited, you must add it to the list. If the object selected in an audit hierarchy is also a part of several other audit hierarchies, the attribute configuration for that object is applicable to all the hierarchies in that application.
Starting and Stopping Audit
The business object is ready for audit after you select its attributes and save the configuration changes. However, to start auditing, the audit level for Oracle Applications Cloud must be set to Auditing on the Manage Audit Policies page.
To stop auditing an object, you can deselect the entire object and save the configuration. As a result, all its selected attributes are automatically deselected and are not audited. To continue to audit the business object with select attributes, deselect those attributes that are not to be audited. When users view the audit history for an application, they can specify the period for which they want the results. Therefore, make a note of when you start and stop auditing an application.
For example, users intend to view the audit history of an object for the previous week, but auditing for that object was stopped last month. They wouldn't get any audit results for that week, because during the entire month that object wasn't audited. Even if you enable audit for that object today, users can't get the wanted results because audit data until today isn't available.
Audit Configuration for Oracle Fusion Middleware Products
To set up auditing for Oracle Applications Cloud, select the Manage Audit Policies task from the Setup and Maintenance work area within your offering. To set up auditing for Oracle Fusion Middleware products, select the level of auditing mapped to a predefined set of metadata and the events that have to be audited. Information about configuring audit for Oracle Fusion Middleware products is provided in Oracle Fusion Middleware guides.
You can also create a configuration file and deploy it to audit a specific Oracle Fusion Middleware product. The configuration details for Oracle Fusion Middleware products are available as audit-specific assets that you can use to create the config.xml configuration file. To get a list of audit-specific assets, see Audit Events for Oracle Applications Cloud Middleware (Doc ID 2114143.1) on My Oracle Support at https://support.oracle.com.
Oracle Fusion Middleware Products
Configure business objects to enable auditing in Oracle Fusion Middleware products. Refer to the Oracle Fusion Middleware Security and Administrator's Guide for Web Services.
Oracle Fusion Security Products
Configure business objects to enable auditing in Oracle Fusion security products. Refer to Oracle Fusion Middleware Application Security Guide.
Using Auditing to Monitor Changes
You can enable business objects to allow auditing, recording, and retrieving information about when the objects were created, modified, and removed.
Audit Policies Overview
Auditing is used to monitor user activity and all configuration, security, and data changes that have been made to an application. Auditing involves recording and retrieving information pertaining to the creation, modification, and removal of business objects. All actions performed on the business objects and the modified values are also recorded. The audit information is stored without any intervention of the user or any explicit user action.
Use audit policies to select specific business objects and attributes to be audited. The decision to create policies usually depends on the type of information to be audited and to the level of detail required for reporting.
Enabling Audit Functionality
For Oracle Applications Cloud, you must configure the business objects and select the attributes before enabling audit. If you enable audit without configuring the business objects, auditing remains inactive. By default, auditing is disabled for all applications. To enable and manage audit, ensure that you have a role with the assigned privilege Manage Audit Policies (FND_MANAGE_AUDIT_POLICIES_PRIV). For appropriate assignment of roles and privileges, check with your security administrator.
If you don't want an object to be audited, you can stop the audit process by setting the Audit Level option to None.
Business Objects for Auditing
The following table shows the business objects you can enable for auditing.
| Area |
Parent Objects |
Child Objects |
|---|---|---|
| Permits Planning and Zoning |
Fee Schedule |
Default Fee Item Effective End Date Effective Start Date Fee Schedule Refund Fee Item |
| Permits Planning and Zoning |
Fee Line |
Model Name Service Name Space ID Space Name Version Effective End Date Effective Start Date Fee Schedule Fee Items Pay Now UseAmend UseOrig UseRenew |
Auditing Community Development Data
You use auditing to monitor data changes that have been made to fee schedules.
To enable auditing for Community Development Data:
Sign in as a setup user.
Select Setup and Maintenance and go to the following:
Offering: Public Sector Permits
Functional Area: Application Extensions
Task: Manage Audit Policies
In the Manage Audit Policies page, click Oracle Fusion Applications, to configure the required audits.
Click Configure Business Object Attributes.
On the Configure Business Object Attributes page, select Permits from the drop-down list of products.
Select from the list of objects in the Audit Name column.
Objects Category
Parent Object
Child Object
Fee Schedule
Fee Schedule
Fee Items
In the Audited Attributes area, click the Add icon.
The Select and Add Audit Attributes dialog box opens.
Select the desired attributes.
Click OK.
The selected attributes are displayed in the Audited Attributes area.
Click Save.
Viewing Audit History
You use audit history to view changes to the application data such as the business objects that were created, updated, and deleted.
Before you begin, you must have a role with the assigned privilege View Audit History (FND_VIEW_AUDIT_HISTORY_PRIV). For appropriate assignment of roles and privileges, check with your security administrator.
To view the Fee Schedule audit history or to create a report:
To open the Audit History work area, select
Enter the following search values:
Audit Reports Search Field
Value
Date
Enter the date for the audit results you want to see.
Product
Select Permits.
Business Object Type
Select Fee Schedule.
Select the option Include child objects. Fee Items is the child object for the Fee Schedule business object type.
The default search displays a summary of the audit history in the search results table. It includes key data such as date, user, product, event type, business object type, and description. For a detailed report, search again with modified search criteria. You can export the report summary to Microsoft Excel.
| Search Parameter |
Result of Selection |
|---|---|
| Business Object Type
Note: This parameter is applicable only for the business objects that belong to Oracle Applications Cloud.
|
|
| Include Child Objects |
Displays all the child objects that were listed for that business object when audit was set up. For example, a sales order object that contains several items as child objects.
Note: Displays the objects at the immediate parent-child level only. To view the children at subsequent levels, select the child object as the business object type and search again.
|
| Show Impersonator |
Displays the details of the impersonator who modified the objects during an impersonation session. |
| Show Attribute Details |
Enables the attribute list so that users can select either all attributes or a specific attribute to view the changes. Based on the selection, the search results indicate whether the attribute is created, updated, or deleted, and the corresponding old and replaced values. |
| Show Additional Object Identifier Columns |
Displays the instances (contexts) in which the business object was used. The context values identify the objects and the transactions in which they were used. Each context is unique and assigns a unique description to the business object. |