1. Sales Questions and Answers
  2. How do I get audit logs for administrator-related activities in sales?

How do I get audit logs for administrator-related activities in sales?

You might want to see administrator-related changes periodically. For example, you might want to know who changed a user role configuration and when they changed it. Or, you might want to see the sales territory change history. You have a few of options for getting historical information about changes that an administrator has made in the applications.

Here are the options:

Oracle Platform Security Services (OPSS) Audit

The Oracle Platform Security Services (OPSS) audit records changes made from Fusion Applications user and role management screens, including the Security Console.

Here's how you enable the auditing:

  1. Sign in to the application and navigate to Setup and Maintenance.
  2. Search for the task, Manage Audit Policies.
  3. In the Manage Audit Policies page, in the Oracle Platform Security Services section, set the Audit Level to Low.
  4. Save the changes.

Here's how to see the audit reports:

  1. Sign in to the applications as a user with the Application Implementation Consultant role (or Internal Auditor role).
  2. In the Navigator, select Tools > Audit Reports.
  3. Enter your search conditions. For example enter the date you think the changes might have happened.

    If you select Show Attribute Details, you can filter by more attributes.

  4. Set the Product to Oracle Platform Security Services.
  5. Select the Event Type, for example, App Role Creation, Role Membership Add, or Role Membership Remove.
  6. Click Search.

Here are some tips for understanding the search results:

  • For the event types, Role Membership Add or Role Membership Remove, when users or roles are the subject being added or removed, you can look for the event types, Role Membership Remove or Role Membership Add, and the attribute, Enterprise Roles. This will find the subject being added or removed.
  • When a function security policy or privilege is added or removed, you can filter them in the UI and look for the event types, Permission Set Revocation or Permission Set Grant, and the attribute, Permission Set Name. This will find the policy or privilege that was removed or added.
  • You might see create_by or update_by to be FUSION_APPS_HCM_ESS_APPID or FUSION_APPS_HCM_SOA_APPID.

    FUSION_APPS_HCM_ESS_APPID refers to an operation done through a scheduled process. FUSION_APPS_HCM_SOA_APPID refers to the operation done by an internal HCM web service call. For an example, see the My Oracle Support article, PER_EMAIL_ADDRESSES last updated by is showing as user FUSION_APPS_HCM_SOA_APPID (Doc ID 2661575.1).

For more information on the Oracle Platform Security Services Audit Framework see Introduction to Oracle Fusion Middleware Audit Framework.

User Details Reports

Several options are available for viewing information about users in Oracle Fusion Applications.

  • User and Role Access Audit Report: This report gives details of the function and data security privileges granted to specified users or roles. This information is the same as the information that you can see for a user or role on the Security Console.
  • User Role Membership Report: This report lists role memberships for specific users. It includes user name, first and last names, user status, department, location, and role memberships.
  • Inactive Users Report: Run as a scheduled process, this report helps identify users who haven't signed in for a certain period of time.
  • User Details System Extract Report: This report shows details of Oracle Fusion Applications user accounts. It gives user details like business unit name, last record update information, worker type, organizations, managers, and more.

For more details, see the Role Provisioning, Role Assignments, and Role Configuration and the Reporting on Application Users and Roles chapters in the Oracle Fusion Cloud Applications: Securing Applications guide.

Sales Objects Change History Audit

You can see the change history for many Sales objects using the audit feature of Sales. Auditing is available for objects like accounts and contacts, activities, contracts, opportunities, leads, the sales catalog, territories, and more. See the topic, What fields can I audit for Sales?, for more information.