Retrieval Auditing

The objective of retrieval auditing is to monitor and store which user retrieved certain information, at which time, via the Oracle Health Insurance Authorizations user interface. To support this objective, Oracle Health Insurance Authorizations monitors the retrieval of authorization and person information. The retrieval audit information is written to a log file. This chapter does not cover what happens to the authorization or person after it has been accessed, that is, who changed the authorization or what was changed on the authorization.

Design Choices

  • Oracle Health Insurance Authorizations monitors access for authorizations and persons only; any page that shows authorization or person information is monitored.

  • Authorization and person access is written to the (same) security log file by default.

  • Monitoring is restricted to logging access. Actions that are performed on the accessed records are not logged using the mechanism described in this chapter.

  • Access to an authorization or a person is logged when:

    • a page opens in the context of a specific authorization or person;

    • the page is refreshed (such as after a save or submit).

  • Oracle Health Insurance Authorizations does not log the search criteria that pulled up the authorization or person, that is, it logs the search results.

A standard log line entry in Oracle Health Insurance Authorizations is composed of the following parts: (1) Time stamp, (2) Thread, (3) Level, (4) Class and (5) Message. The time stamp states when the log entry was created, which, in the context of authorization retrieval auditing, reflects when the authorization was accessed. The next three components specify the technical source of the log entry. More information can be found in the Operations Guide for logging in Oracle Health Insurance Authorizations.

The last part of a log entry, the message, holds a description of the functional event that triggered the entry. A single log entry line represents the event of a user having accessed a single authorization or person. The message is composed of the following information:

  • All messages start with the tag "keyword=RETRIEVAL".

  • The unique user loginName. This is the login name as provided through the provisioning integration point.

  • The unique user interface page code of the page that provided access.

  • The user interface page name of the page that provided access.

  • A qualifier of the entity accessed, that is, authorization (AUTH) or relation (PERS).

  • The authorization code or person code.

The separate components of the logged message are semicolon (;) delimited to facilitate importing the log into spreadsheet applications.

Monitored Pages

The following user interface pages could serve as a first point of entry for authorizations or persons:

  • AU0003 Authorizations Search

  • AU0005 View and Edit Authorization

  • RM0014 Relations

  • RM0012 Persons

The following sections contain a number of example log entries. These example entries do not show the thread, level and class parts of the log entry. Their position is represented by triple dots "...".

Search Authorizations

Whenever the user executes a search in the Authorizations Search page (or in the Oracle Health Insurance Authorizations Quick Search), Oracle Health Insurance Authorizations logs which authorizations have been retrieved. Note that the Authorizations Search page can display multiple authorizations as the result of a single search, that is, a single query can result in multiple log entries.

The following events will trigger one or more log entries in this page:

  • Executing a search

Consider the scenario where a user with log in name JONES executes a search that returns four authorizations. The following information is logged:

2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=12314}
2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=14532}
2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=45221}
2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=45677}

View and Edit Authorization

This page can be directly opened in the context of a specific authorization through deep links provided in the Authorizations Search page. Consider the scenario where a user with log in name JONES accesses authorization 12314 through the Authorizations Search page that opens up the View and Edit Authorization page.

The following events trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0005, functionName=VIEW AND EDIT AUTHORIZATION, entity=AUTH, relatedKey=12314}

Relations

This page can be opened by navigating the user interface as well as through deep links used in, for example, reports based on Oracle Health Insurance Authorizations base/functional views. This page may display a mix of organization and person records. Only the retrieval of the person records is monitored. Consider the scenario where a user with log in name JONES accesses the relations page and executes a search that returns three relations.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS, entity=PERS, relatedKey=MEM00231}
2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS, entity=PERS, relatedKey=MEM03213}
2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS, entity=PERS, relatedKey=MEM07895}

Persons

This page can be opened by navigating the user interface as well as through deep links used in, for example, reports based on Oracle Health Insurance Authorizations base/functional views. Consider the scenario where a user with log in name JONES accesses the persons page and executes a search that returns three persons.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS, entity=PERS, relatedKey=MEM00231}
2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS, entity=PERS, relatedKey=MEM03213}
2015/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS, entity=PERS, relatedKey=MEM07895}

Use cases

Scenario 1

To give an impression of what is written to the log file, and when, in the common event that a user queries an authorization to edit it, consider the following scenario. Note that the log examples display the cumulative entries, to give an impression of how the log is extended with each entry.

User JONES opens the Search Authorizations page. He executes a search that returns 2 authorizations. Once the 2 search results are retrieved and displayed, the following lines are logged:

2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=12314}
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=14532}

User JONES selects one of the search results (authorization 14532) and opens the View and Edit Authorization page for that authorization. A new entry is logged:

2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=12314}
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=14532}
2015/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0005, functionName=VIEW AND EDIT AUTHORIZATION, entity=AUTH, relatedKey=14532}

Scenario 2

It is possible that two different users access authorizations. In the event that both users retrieve multiple authorizations with a single query, the log line entries may be interlaced. There is no guarantee that line entries that originate from the same query are always consecutive.

User JONES and user SMITH both execute a query in the Search Authorizations page at exactly the same time. Both queries return three authorizations. The log could be appended as follows:

2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=12314}
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=14432}
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=15314}
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=17784}
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=17632}
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=14532}
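
As an added example (not part of the Oracle documentation or product code), the following Python parses retrieval entries in the format shown above and groups them per user and record, so that interlaced entries such as those in Scenario 2 are attributed to the right user. It accepts both the semicolon delimiter the text describes and the comma delimiter the examples show; the sample lines, the function names and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the page's format; "..." stands in for thread, level and class.
SAMPLE = """\
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=12314}
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=17784}
2015/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=AU0003, functionName=AUTHORIZATIONS SEARCH, entity=AUTH, relatedKey=14532}
2015/08/07 11:06:40 ... INFO unrelated application message
2015/08/07 11:06:45 ... {keyword=RETRIEVAL; user=JONES; functionCode=AU0005; functionName=VIEW AND EDIT AUTHORIZATION; entity=AUTH; relatedKey=14532}
"""

# Anchor on the leading time stamp and the trailing {keyword=RETRIEVAL ...} message;
# whatever sits between them (thread, level, class) is skipped.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s.*?\{(keyword=RETRIEVAL[^}]*)\}\s*$")
FIELDS = ("keyword", "user", "functionCode", "functionName", "entity", "relatedKey")

def parse_line(line):
    """Return a dict for a retrieval entry, or None for any other log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = re.split(r"\s*[;,]\s*", m.group(2))  # semicolon or comma delimited
    rec = {k.strip(): v.strip() for k, v in (p.split("=", 1) for p in parts if "=" in p)}
    if any(f not in rec for f in FIELDS):
        return None  # incomplete entry: do not guess missing fields
    rec["time"] = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
    return rec

def records_by_user(text):
    """Map user -> {(entity, relatedKey): [(time, functionCode), ...]}."""
    out = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            key = (rec["entity"], rec["relatedKey"])
            out[rec["user"]][key].append((rec["time"], rec["functionCode"]))
    return out

def users_over_threshold(text, limit):
    """Users who retrieved more than `limit` distinct records in the given log text."""
    return sorted(u for u, recs in records_by_user(text).items() if len(recs) > limit)
```

Because a search logs every record it returns and a page refresh logs again, counting distinct (entity, relatedKey) pairs per user is a steadier review metric than counting raw lines.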