Essbase auditing tracks changes to cube data, server-level security, LCM events, artifact changes, and MaxL statements that are run on the server, including imports.
Use cube-level data auditing to track updates made to data values, including changes to Linked Reporting Objects (LROs), such as adding notes, attaching files, and referencing URLs. You can export the audit log to an Excel spreadsheet.
Track Data Changes
Use an audit trail to track updates made to data values, including changes to Linked Reporting Objects (LROs), such as adding notes, attaching files, and referencing URLs. You can export the log to an Excel spreadsheet.
To view data audit trail records, you must be at least a power user with Database Update permission on the application. You can only view those records where your user name matches the user name registered in the audit records. To delete data audit trail records, you must be at least a power user with Application Manager permission on the application. See Understand Your Access Permissions in Essbase.
Turn on Data Audit Trail and View the Data Audit Trail
You turn on data audit trail by adding AUDITTRAIL DATA as an application level configuration setting.
- To turn on Data Audit Trail, add the following to the application configuration parameters: AUDITTRAIL DATA.
- Perform ad hoc analysis through Smart View, make data changes through Smart View and click on Submit - this results in an audit record being stored.When doing ad hoc analysis, there are many ways of getting a particular Point of View (POV) onto the grid. One of them is by using the POV toolbar, which allows you to zoom in on certain members in one or more dimensions. See these topics in Working with Oracle Smart View for Office
Selecting Members from the POV Toolbar
Displaying the POV Toolbar
Selecting Members Using the Cell-Based POV
- With Data Audit Trail enabled, you can view the audit trail in the connection Panel in Smart View. Under the connection information, click on the menu of operations under More and you will see a menu option titled Audit Trail. Click on Audit Trail to view the data audit trail records for a cube.
- The audit trail record shows the date and time of the change in the first column, the new value or the linked reporting object in the second column, and the POV in the third column. The time corresponds to your time zone. Click on an item in the audit trail and you will see a description of the change at the bottom of the pane.
- You can display a sheet with the new POV and refreshed data value by clicking Ad hoc below the Audit Trail pane. When you click on subsequent audit records and click this icon, you see a different sheet with the POV for that audit record and refreshed data for that POV. This way, you can do further analysis on targeted data.
Link a Reporting Object to a Cell
You can link a reporting object to a cell. When you do, this change displays in the data audit trail. You can add a note to a cell, attach a file, or reference a URL. When you make these changes, the cells are highlighted in your cube. See these topics in the Working with Oracle Smart View for Office on how to link reporting objects to cells:
Linked Reporting Objects
Attaching a Linked Reporting Object to a Data Cell
Launching a Linked Reporting Object from a Data Cell
Export Logs to a Sheet
You can easily export your logs to a new Excel sheet just by clicking an icon.
Export your log onto a new sheet using Export . Click this icon to export the logs with all the details for each entry onto a new sheet that looks like this:
Once exported, you can re-sort columns or remove them to show the information you want to analyze.
Refresh the Audit Log
You can refresh the audit log to see your latest changes at any time.
When you make more changes to your data, you can refresh the log view any time.
View and Manage Audit Trail Data in the Essbase Web Interface
You can view audit trail data in the Essbase web interface. You can also export the data to an Excel sheet (in .csv format), purge the data before a specific date, or purge all of the audit trail data.
- On the Applications page, expand the application.
- Click the Actions menu to the right of the cube name and select Inspect.
- On the Audit Trail tab, you can:
- View audit trail data.
- Export the data to a CSV file.
- Purge the audit trail data until a specific date.
- Purge all of the audit trail data.
Audit Security, Artifact Changes, and LCM Events
Service administrators can enable security auditing to track changes made to the Essbase server.
Based on parameters you specify in an auditing policy file, Essbase gathers information about changes to system-level security, artifacts, LCM events, and executed MaxL statements (including imports). Essbase consolidates the tracked information into an audit log file. Tracked information about each event includes time, client, user, artifacts affected, and a description.
Workflow for Auditing Security, Artifact Changes, and LCM Events
Use the following workflow to audit changes to security, artifacts, LCM events, and executed MaxL statements (including imports) for the Essbase server.
- Set AUDITTRAIL SECURITY as a server-level configuration property.
- Restart Essbase. See Start, Stop, and
The auditing policy file is created when Essbase restarts.
- Open the file in a text editor.
- Edit the auditing policy file to indicate what events you want to capture, the maximum file size, and how many audit log files you want to retain.
- SSH to the security audit log on the Essbase server to view the recorded events.
Enable Security, Artifact Changes, and LCM Events Auditing
If you have the Service Administrator role, you can enable auditing of security, artifact changes, LCM events, and executed MaxL statements (including imports), by setting AUDITTRAIL SECURITY as a server-level Essbase configuration property.
About the Auditing Policy File
The auditing policy is defined in an XML file that you can edit to suit your needs. In this file, you can specify which Essbase server events to track, as well as maximum file size and the number of security audit log files to keep.
EssbaseSecurityAuditLogPolicy.xml when you restart Essbase after enabling security auditing. You can then edit the file as needed to refine the auditing policy. The file is located in the application directory specified during the configuration phase of Essbase deployment. If you do not know where <Application Directory> is in your environment, refer to Environment Locations in the Essbase Platform for an explanation.
- Navigate to
EssbaseSecurityAuditLogPolicy.xml. The file is located in the application directory specified during the configuration phase of Essbase deployment.
- Open it in a text editor.
- Add the items that you want.
- Optionally change the maximum file size using
<max-file-size>n</max-file-size>, where n = the number of bytes . The default is 50000000 bytes.
- Indicate how many security audit log CSV files to save using
<roll-nos>n</roll-nos>, where n = the number of files.
- Indicate which audit events you want to capture, using
- Optionally change the maximum file size using
The events that you indicate in the auditing policy file are tracked in a security audit log file.
You can indicate the following events to capture in the auditing policy file:
|LOGIN||User [x] logged in successfully|
|LOGIN_AS||User [x] logged in as [y]|
|LOGOUT||User [x] logged out|
|LOGIN_FAIL||User [x] login failed|
|SERVICE_ROLE_ASSIGN||Assigned Essbase service role [x] to [y]|
|SERVICE_ROLE_REVOKE||Revoked Essbase service role [x] from [y]|
|APPLICATION_ROLE_ASSIGN||User/Group [x] has been provisioned the role [y] on the application [z]|
|APPLICATION_ROLE_REVOKE||User/Group [x] has been revoked from the role [y] on the application [z]|
|ARTIFACT_CREATE||Artifact [x] of type [y] created|
|ARTIFACT_UPLOADED||Artifact upload request called for application [a] database [b] object name [c] and object type [d]|
|ARTIFACT_MODIFIED||Artifact [x] of type [y] modified|
|ARTIFACT_DELETED||Artifact [x] of type [y] deleted|
|ARTIFACT_RENAMED||Artifact [x] of type [y] renamed to [z]|
|APPLICATION_DELETED||Application [x] deleted|
|APPLICATION_CREATE||Application [x] created|
|APPLICATION_RENAMED||Application [x] renamed to [y]|
|DATABASE_DELETED||Database [x] deleted in application [y]|
|DATABASE_CREATE||Database [x] created in application [y]|
|DATABASE_RENAMED||Database [x] renamed to [y] in application [z]|
|LCM_EXPORT_START||LCM export job started with file name [x]|
|LCM_EXPORT_END||LCM export job completed with file name [x] and job status [y]|
|LCM_IMPORT_START||LCM import started for application [x] with file name [y]|
|LCM_IMPORT_END||LCM import completed for application [x] with file name [y]|
|LCM_IMPORT_FAIL||LCM import failed for application [x] with file name [y]|
|DATA_LOAD_MAXL||The MaxL import data statement executed for application [x] and database [y] by user [z]|
|EXECUTE_MAXL||MaxL statement [x] executed from user [y]|
|LOAD_DATA_JOB_START||Data load job started using data file [x] and rule file [y]|
|LOAD_DATA_JOB_END||Data load job for data file [x] and rule file [y] completed with status [z]|
|LOAD_DATA_JOB_FAILED||Data load job failed due to [x]|
|DELETE_SESSION||Session [x] deleted|
Example Auditing Policy File
<security-audit-policy> <audit_events_to_capture>SERVICE_ROLE_ASSIGN,LOGIN,LOGIN_FAIL,LOGOUT,SERVICE_ROLE_REVOKE,APPLICATION_ROLE_ASSIGN,APPLICATION_ROLE_REVOKE,ARTIFACT_UPLOADED,ARTIFACT_MODIFIED,ARTIFACT_DELETED,ARTIFACT_CREATE,ARTIFACT_RENAMED,LCM_EXPORT_START,LCM_EXPORT_END,LCM_IMPORT_START,LCM_IMPORT_END,LCM_IMPORT_FAIL,DATA_LOAD_MAXL,EXECUTE_MAXL</audit_events_to_capture> <audit_sinks> <audit_sink> <audit_sink_type>CSV</audit_sink_type> <max-file-size>50000000</max-file-size> <roll-nos>100</roll-nos> </audit_sink>
Review the Security Audit Log
The security audit log tracks information about each event defined in the auditing policy file.
- SSH to the Essbase server.
- Navigate to
<DOMAIN_HOME>/servers/serverName/logs/essbase/. If you do not know where
<DOMAIN_HOME>is, see Environment Locations in the Essbase Platform.
- Open and review the file,
- Time - when the event occurred
- Client - client IP address or hostname
- Username - the user initiating the action
- Session ID – the Essbase session ID
- Event Type - the event type
- Artifact Type - the type of artifact involved in the event
Artifact type examples:
- Artifact Type partition_file for Event Type ARTIFACT_UPLOADED
- Artifact Type Application for Event Type LCM_EXPORT_START
- Artifact Type User for Event Type APPLICATION_ROLE_ASSIGN
- Artifact Name – the name of the artifact involved in the event. For example, a file name, username, or application name
- Additional Info - additional information associated with the event
- Description - description of the event
The description field is localized.