4 Managing Access and Other Settings
Managing access and other settings covers areas such as user accounts and privileges, and creating report templates.
4.1 Managing User Accounts and Access
A super user can manage user accounts and access.
4.1.1 About Oracle AVDF Auditor Accounts and Passwords
Learn about Oracle AVDF auditor user accounts and passwords.
There are three types of auditor accounts in Oracle Audit Vault and Database Firewall:
- Super Auditor:
  - Creates user accounts for super auditors and auditors
  - Has auditor access to all targets and target groups
  - Grants auditor access to targets or target groups to auditors
- Auditor: Has access to specific targets or target groups granted by a super auditor
- Readonly Auditor: Has readonly access to:
  - Target database details as granted to them by the Super Auditor
  - Audit trail details
  - Database Firewall monitoring points
  - Dashboard data on the Home page, including the ability to view chart data and add filters
  - User entitlement, target database, and target database group access details
  - All reports and report schedules. Compliance Reports and Generated Reports for specific target databases are only visible to the Readonly Auditor if they have been granted access to the target database by the Super Auditor
  - All alerts and alert details
Passwords for these accounts need not be unique; however, Oracle recommends that passwords:
- Have at least one uppercase alphabetic, one alphabetic, one numeric, and one special character (plus sign, comma, period, or underscore).
- Be between 8 and 30 characters long.
- Be composed of the following characters:
  - Lowercase letters: a-z.
  - Uppercase letters: A-Z.
  - Digits: 0-9.
  - Punctuation marks: comma (,), period (.), plus sign (+), colon (:), and underscore (_).
- Not be the same as the user name.
- Not be an Oracle reserved word.
- Not be an obvious word (such as welcome, account, database, and user).
- Not contain any repeating characters.
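A checker for the recommendations above, as an added example (not Oracle's code, and not how AVDF itself validates passwords). The reserved-word set is a small constructed sample, and the readings of "same as the user name", "obvious word" and "repeating characters" are assumptions marked in the comments.

```python
import re
import string

# Alphabet the page allows: a-z, A-Z, 0-9 and the punctuation , . + : _
ALLOWED = re.compile(r"[A-Za-z0-9,.+:_]+")
# Characters the page counts toward "one special character". The colon is in
# the allowed alphabet but not in this list, so it does not satisfy the rule.
SPECIALS = set("+,._")
# Constructed sample only, NOT Oracle's full reserved-word list.
SAMPLE_RESERVED = {"SELECT", "TABLE", "GRANT", "ACCESS", "IDENTIFIED"}
# The page's own examples of obvious words.
OBVIOUS = ("welcome", "account", "database", "user")


def check_password(password, username):
    """Return the names of the recommendations the password fails."""
    failed = []
    if not 8 <= len(password) <= 30:
        failed.append("length")
    if not ALLOWED.fullmatch(password):
        failed.append("charset")
    # An uppercase letter also satisfies the "one alphabetic" requirement.
    if not any(c in string.ascii_uppercase for c in password):
        failed.append("uppercase")
    if not any(c in string.digits for c in password):
        failed.append("digit")
    if not any(c in SPECIALS for c in password):
        failed.append("special")
    # Assumption: compared case-insensitively.
    if password.lower() == username.lower():
        failed.append("username")
    if password.upper() in SAMPLE_RESERVED:
        failed.append("reserved")
    # Assumption: "obvious word" read strictly, as containing one.
    if any(word in password.lower() for word in OBVIOUS):
        failed.append("obvious")
    # Assumption: "repeating" read as the same character twice in a row.
    if any(a == b for a, b in zip(password, password[1:])):
        failed.append("repeat")
    return failed


if __name__ == "__main__":
    # Constructed sample passwords and a constructed user name.
    for candidate in ("Aud1t.Vault_x", "Aud1t:Vaultx", "Welcome1+"):
        print(candidate, check_password(candidate, "jsmith"))
```

The second sample shows the one non-obvious interaction in the list: a colon is a permitted character, but a password whose only punctuation is a colon still lacks a qualifying special character.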
4.1.2 Creating Local Auditor Users
Learn how to create user accounts with auditor privileges.
Super auditors can create both super auditor and auditor user accounts.
To create an auditor account in Oracle Audit Vault and Database Firewall:
- Log in to the Audit Vault Server console as a super auditor.
- Click the Settings tab.
  The Manage Auditors subtab on the main page is selected by default.
- Click Add in the top right corner.
- In the Add Auditor dialog box, select Local AVDF User.
- For Local AVDF User, enter the details to create a database auditor.
  - Enter the newly created Auditor Name.
  - Select the Auditor Type.
  - Enter the Password and Re-type Password.
  Oracle Audit Vault and Database Firewall does not accept user names with quotation marks, such as "jsmith".
- Click Save.
4.1.3 Creating New SSO Users
To create new users for single sign-on (SSO) authentication, you enter the user name and the auditor type.
- Click the Settings tab.
- Enter the SSO user name.
  Allowed characters include uppercase letters, lowercase letters, numbers, and symbols (@.-_!^~+%). The total length of the SSO user name can't exceed 127 characters.
  Note: Though AVDF accepts uppercase and lowercase letters, it will store the user name in only uppercase. Microsoft performs a case-insensitive comparison of the user names.
4.1.5 Managing User Access to Targets or Groups
Learn to manage user access to targets and target groups.
4.1.5.1 About Managing User Access
Learn about managing user access.
Super auditors have access to all targets and target groups, and can grant access to specific targets and groups to auditors.
You can control access to targets or groups in two ways:
- Modify a target or group to grant or revoke access for one or more users.
- Modify a user account to grant or revoke access to one or more targets or groups.
4.1.6 Changing a User Account Type
Learn how to change auditor user account type.
You can change an auditor account type between Readonly Auditor, Auditor, and Super Auditor. If a user's account type is changed from Auditor or Readonly Auditor to Super Auditor, that user will have access to all targets and target groups. A user can only be assigned one auditor account type at a time.
To change a user account type in Oracle Audit Vault and Database Firewall:
- Log in to the Audit Vault Server console as a super auditor.
- Click the Settings tab.
  The Manage Auditors page appears by default, and displays existing users and the targets or groups to which they have access.
- Click the name of the user account you want to change.
- In the Modify Auditor dialog, against the Type field, click on the edit icon.
- In the Type drop-down list, select the new auditor type.
- If you changed the type from Super Auditor to Auditor or Readonly Auditor, grant or revoke access to any targets or groups as necessary for this user.
  Release Oracle AVDF 20.1 and 20.2:
  - Select the targets or groups to which you want to grant or revoke access.
  - Click Grant or Revoke.
    A green check mark indicates access granted. A red cross mark (X) indicates that access is revoked.
  Release Oracle AVDF 20.3 and later:
  - Select the targets or groups to which you want to grant or revoke access. You can also search for the targets or groups in the field under Targets & Target Groups.
  - Choose the targets and groups in the Available column and move them to the Selected column, to grant access. Choose the targets and groups in the Selected column and move them to the Available column, to revoke access.
- Click Save.
4.1.7 Changing the Auditor Password
Learn how to change the password of an auditor.
Auditors can change their own password. A Super Auditor can also change the password of other auditors. If a Super Auditor changes the password of another auditor, then the password automatically expires immediately after it is changed.
4.1.7.2 Changing the Password of Another Auditor
Learn how to change the password of another auditor as a Super Auditor.
A Super Auditor can change the passwords of other auditors. However, the password automatically expires immediately after it is changed by the Super Auditor. The auditor must follow the instructions in the topic Changing the Expired Password of an Auditor.
4.1.7.3 Changing the Expired Password of an Auditor
Your password might be expired if a Super Auditor changes your password, or if it passes the password expiry date.
For Oracle AVDF release 20.4 or earlier, follow these steps:
- Log in to the Audit Vault Server through SSH and switch to the root user.
- Switch to the dvaccountmgr user.
    su - dvaccountmgr
- Start SQL*Plus without the user name and password.
    sqlplus /
- If the account is locked, run the following command to unlock the account:
    alter user <user name> account unlock;
- Run the following command to change the password:
    alter user <username> identified by <new_password>;
For Oracle AVDF release 20.5 or later, follow these steps:
4.2 Creating Templates and Distribution Lists for Email Notifications
Email templates and notifications help auditors to notify other users automatically about audit-related events.
4.2.1 About Email Notifications and Templates
You can configure Oracle Audit Vault and Database Firewall alerts to trigger an email when an alert is raised or a report is generated.
For example, you can create an alert that is triggered every time a connection is made by an application shared schema account outside of the application (for example, APPS or SYSADM). When the user tries to log in, Oracle AVDF sends an email to two administrators warning them about misuse of the application account.
To accomplish this, you must create an email distribution list that defines who will receive the email, and then create an email template that contains a message. You select the template to be used for email notification when you define the alert rule.
4.2.2 Creating or Modifying an Email Distribution List
You can create an email distribution list for specific notification purposes, that is, a list of email addresses that will receive a notification.
4.2.3 Creating or Modifying an Email Template
An email template enables you to specify the content of an email notification that is triggered by an alert or a report being generated.
- Log in to the Audit Vault Server console as an auditor.
  Note:
  - An auditor can create, modify, and delete email templates that were initially created by the same auditor. This is applicable in case of upgrade to Oracle Audit Vault and Database Firewall 12.2.0.8.0 and later.
  - Email templates that were created prior to upgrade of Oracle Audit Vault and Database Firewall 12.2.0.8.0 can be modified or deleted by a super auditor.
- Click the Settings tab.
- From the left navigation menu, click Email Templates.
  The Email Templates page displays a list of existing email templates, which you can modify or delete. Some of these templates are predefined.
- Click Create to create a new template, or click the name of an existing template to modify it.
- Specify a Name.
- Select the template Type:
  - Alert: Creates an email template used for alert notifications.
  - Report Attachment: Creates an email template used for report notifications, and attaches a PDF of the report to the email.
  - Report Notification: Creates an email template used for report notifications, but does not attach the PDF file of the report.
- Enter or select the desired values for Format and Description for the email template.
- Use the available tags displayed on the right as building blocks for the Subject and Body of the email.
  The available tags depend on the type of notification. Table 4-1 and Table 4-2 explain the tags in detail.
  You can either click the tag name to transfer it to the template, or copy and paste the tag name to appear in either the Subject or Body of the template.
- Select the appropriate and available options in the Event Information section.
- Click Save.
After you create a new template, it is listed in the Email Templates page. From there, you can modify or delete templates as necessary.
- Log in to the Audit Vault Server console as an auditor.
  Note:
  - An auditor can create, modify, and delete email templates that were initially created by the same auditor. This is applicable in case of upgrade to Oracle Audit Vault and Database Firewall 12.2.0.8.0 and later.
  - Email templates that were created prior to upgrade of Oracle Audit Vault and Database Firewall 12.2.0.8.0 can be modified or deleted by a super auditor.
- Click the Settings tab.
- From the left navigation menu, click on Email Templates.
  The Email Templates page displays two sections: a list of pre-defined email templates and a list of user-defined email templates. Users can copy a pre-defined email template to the user-defined email template section. Then, modify the email template as desired. A pre-defined email template will be set as the default until the user defines any user-defined email templates and sets it as the default.
- To enable the Copy button, select a single template by checking the checkbox. Once a single template is selected, the Copy button will be clickable.
- Click Copy to create a new user-defined template based on the selected pre-defined one, or click the name of an existing template to view its contents.
- The copied template will be named "Copy of [Original Template Name]." Edit the Name as desired.
- The Type of the copied template will be automatically set based on the original template. Below are the template Types:
  - Alert: Creates an email template used for alert notifications.
  - Report Attachment: Creates an email template used for report notifications, and attaches a PDF of the report to the email.
  - Report Notification: Creates an email template used for report notifications, but does not attach the PDF file of the report.
- Optionally, add a Description for the new user-defined email template.
- Optionally, click Set as default if you would like the newly created template to be your default email template.
- Click Copy.
  After you create a new template, it is listed in the User-defined email templates section of the Email Templates page.
  From there, you can click the name of the template to modify its details. This includes modifying the above information as well as the following:
  - You can modify the Format of the template to either be Plain Text or HTML.
  - When your cursor is within the Body field, use the available tags displayed on the right as building blocks for the Body of the email.
    The available tags depend on the type of notification. Table 4-1 and Table 4-2 explain the tags in detail.
    You can either click the tag name to transfer it to the template, or copy and paste the tag name to appear in the Body of the template.
  - Select the appropriate and available options in the Event Information section.
  Additionally, if you click the checkbox for a user-defined email template, the Copy, Delete, and Set as default buttons become clickable.
Table 4-1 lists the available tags for alert notification templates.
Table 4-1 Tags Available for Alert Notification Email Templates
| Alert Tag Name | Description |
|---|---|
| | A special tag that is used as a shortcut to include all the available tags in the email |
| | The ID of the alert |
| | Name of the alert |
| | Time the event causing the alert was created |
| | Severity of the alert (Critical or Warning) |
| | Status of the Alert (for example, New, Open, or Closed) |
| | Description of the alert |
| | URL of the alert |
Table 4-2 lists the available tags for report notification templates.
Table 4-2 Tags Available for Report Attachment or Report Notification Email Templates
| Report Tag Name | Description |
|---|---|
| | Name of the report |
| | Date and time the report was generated |
| | Report Category name, such as "Access Reports" |
4.3 Creating Alert Syslog Templates
Oracle Audit Vault and Database Firewall provides a default template for Oracle Audit Vault and Database Firewall alerts sent to syslog.
4.4 Viewing Monitoring Point and Audit Trail Status
You can view a listing of either the monitoring point status or the audit trail status.
4.4.1 Viewing Monitoring Point Status
Any auditor can view the Database Firewall monitoring points that have been configured for all the target databases.