4 Auditing User Activity

This chapter describes auditing in EDQ.

The chapter includes the following sections:

  - Enabling Audit Logging Using Oracle Fusion Middleware Framework
  - Configuring the EDQ Audit Events in Fusion Middleware Framework
  - Enabling Audit Logging to Files
  - Configuring the EDQ Audit Events on Disk

Enabling Audit Logging Using Oracle Fusion Middleware Framework

You can configure EDQ to log audit events using the Oracle Fusion Middleware Audit Framework when EDQ is installed with an Oracle WebLogic Server domain. For detailed information on the framework see Introduction to Oracle Fusion Middleware Audit Framework in Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services.

To enable audit event logging, follow the steps below:

  1. Open the Oracle Enterprise Manager Fusion Middleware Control 12c application using the path:
    http://[servername]:[weblogic server admin port, e.g. 7001]/em
  2. Navigate to the EDQ domain in the Target Navigation Tree on the left of the window.
  3. Right-click the domain and select Security > Audit Policy.
  4. Select EDQ in the Audit Component Name field.
  5. Select Custom in the Audit Level field.
  6. Select the categories to log, and the events within those categories.
  7. Click Apply.
    To abandon the changes, you must click Revert.

Configuring the EDQ Audit Events in Fusion Middleware Framework

Set the directory property in the audit.properties file to an existing directory, specified relative to your local configuration home.

For example, add the following line to your new file:

directory = myAudits

where myAudits is a folder that exists at the same level as your new audit.properties file.

Table 4-1 EDQ Event Category and Types

Event Category                Event Types
Asset Transfer                Import Package
Case Management               Bulk Delete, Bulk Update, Bulk Assignment, Display Data edited, Export, Edit, Assignment updated, State changed, Comment added, Comment deleted, Comment edited, Attachment added, Attachment deleted
Case Management Admin         Case Source Added, Case Source Imported, Case Source Deleted, Permission Added, Permission Modified, Permission Deleted, Workflow Added, Workflow Imported, Workflow Deleted, Parameter Added, Parameter Modified, Parameter Deleted, Reception Action Added, Reception Action Modified, Reception Action Deleted, Reception Transition Added, Reception Transition Modified, Reception Transition Deleted, State Transition Added, State Transition Modified, State Transition Deleted, Workflow State Added, Workflow State Modified, Workflow State Deleted
Group Permission Management   Join group, Leave group, Leave all groups, Create group, Delete group, Change permissions
Launchpad Management          Extension Add, Extension Delete, Front Page Update
Object Management             Create, Update, Delete
User Management               Login, Logout, Password Change, Password Expire, User Blocked, User Blocked Temporarily, User Unblocked, User Created, User Updated, User Deleted, Security Configuration Updated

Table 4-2 Event Attributes and Custom Attribute Slot

Event Attribute        Custom Attribute Slot   Description
Affected user          IAU_STRING_001          The name of the user for the logged event.
Login application      IAU_STRING_002          The name of the application that has been logged into.
Project Name           IAU_STRING_003          The name of the project containing the affected object. This attribute is left blank for system-level objects.
Item Type              IAU_STRING_004          The type of object created, modified or deleted.
Item Name              IAU_STRING_005          The name of the object created, modified or deleted.
Affected user          IAU_STRING_006          The name of the user affected by changes made by an administrator.
Affected group         IAU_STRING_007          The name of the group affected by changes made by an administrator.
Added Permissions      IAU_LONGSTRING_001      List of permissions added to a group.
Removed Permissions    IAU_LONGSTRING_002      List of permissions removed from a group.

The events that can be logged and their corresponding file-based audit event names are listed in the following tables. Note that this is not a complete list.

Table 4-3 Attributes Logged by User Management Event

Weblogic Display Name             File-Based Event Name
Login                             login
Logout                            logout
Password Change                   pwchange
Password Expire                   pwexpire
User Blocked                      userblock
User Temporarily Blocked          usertempblock
User Unblocked                    userunblock
User Created                      usercreate
User Updated                      userupdate
User Deleted                      userdelete
Security Configuration Updated    secconfig

Table 4-4 Attributes Logged by Group Permission Management Event

Weblogic Display Name   File-Based Event Name
Join group              joingroup
Leave group             leavegroup
Leave all groups        leaveallgroups
Create group            creategroup
Delete group            deletegroup
Change permissions      changepermissions

Table 4-5 Attributes Logged by Object Management Event

Weblogic Display Name   File-Based Event Name
Create                  create
Update                  update
Delete                  delete

Custom attributes are stored in the iau_custom table. For more information, see "Audit Reporting with the Dynamic Metadata Model" in Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services. The generic attributes for the event are stored in the iau_common table. Both of these are in the IAU schema ([RCUPREFIX]_IAU).

After the audit logs are enabled, EDQ audits events by calling the central Oracle Fusion Middleware Audit Framework APIs. The audit events can then be stored either as files or in a database for compliance reporting purposes. For more information on how to store and report on the results of auditing, see Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services.

Enabling Audit Logging to Files

You can enable audit logs to be written to files on disk when EDQ is installed in Apache Tomcat, or if you do not want to use the Oracle Fusion Middleware Audit Framework.

To enable audit logging, create a file named audit.properties in the local configuration directory and add the following line:

enabled = true

You can then either create a directory named audit in your local configuration directory, or specify a path to an existing directory using the directory property in audit.properties. This path is specified relative to the local configuration directory.

Configuring the EDQ Audit Events on Disk

For fine-grained control over specific categories and events that are audited, you can turn certain categories off by adding the following line to audit.properties:

category.<category name>.enabled = false

You can turn individual events back on for a disabled category, or turn them off in a category that has not been disabled, using the following property (the event-level setting overrides the category-level one):

category.<category name>.<event name>.enabled = <true/false>
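As an added example (not code from the Oracle documentation), the following Python works out which events an audit.properties file would actually write, applying the precedence above: the global enabled flag gates everything, a category defaults to on but can be switched off, and an event-level key overrides its category. The file-based category names it uses (usermanagement and so on) are assumptions, since the page lists only the event names.

```python
"""Which file-based EDQ audit events are active for a given audit.properties?
Added example, not part of the Oracle EDQ documentation. It encodes the rules
above (global enabled flag gates all; categories default on; an event-level key
overrides its category). The category names are assumptions; the page gives
only the event names.
"""

# File-based event names from Tables 4-3 to 4-5, keyed by an assumed category name.
CATEGORIES = {
    "usermanagement": ["login", "logout", "pwchange", "pwexpire", "userblock",
                       "usertempblock", "userunblock", "usercreate",
                       "userupdate", "userdelete", "secconfig"],
    "grouppermissionmanagement": ["joingroup", "leavegroup", "leaveallgroups",
                                  "creategroup", "deletegroup", "changepermissions"],
    "objectmanagement": ["create", "update", "delete"],
}

# Constructed sample: Object Management off except delete, and logout off as well.
SAMPLE = """
enabled = true
directory = myAudits
category.usermanagement.logout.enabled = false
category.objectmanagement.enabled = false
category.objectmanagement.delete.enabled = true
"""

def parse_properties(text):
    """Parse 'key = value' lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props

def _flag(props, key, default):
    """Read a boolean property, using the given default when the key is absent."""
    return props.get(key, str(default)).lower() == "true"

def event_enabled(props, category, event):
    """True if this category/event would be written to the audit directory."""
    if not _flag(props, "enabled", False):
        return False  # file-based auditing is off entirely
    category_on = _flag(props, f"category.{category}.enabled", True)
    return _flag(props, f"category.{category}.{event}.enabled", category_on)

def active_events(props, categories=CATEGORIES):
    """Map each category to the list of its events that will be audited."""
    return {c: [e for e in evs if event_enabled(props, c, e)]
            for c, evs in categories.items()}
```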

After the audit events are generated, they are placed in per-category files within the configured audit directory. These files contain entries as comma-separated values; the first line contains column headers.
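To show what a reviewer can do with those per-category files, here is an added Python example (not Oracle's code) that scans an audit directory and surfaces the security-relevant events from the tables above, such as secconfig, changepermissions and userblock. The filenames, the column headers (timestamp, event, user, affected_user) and the rows are constructed, since the page only states that each file is CSV with a header line.

```python
"""Scan EDQ per-category audit CSV files for security-relevant events.
Added example, not part of the Oracle EDQ documentation. It relies only on the
layout stated above (one CSV per category, header row first) and on the
file-based event names from the tables; filenames, headers and rows are constructed.
"""
import csv
import os
import tempfile

# Events a reviewer would want surfaced: privilege and security-configuration changes.
WATCHLIST = {"secconfig", "changepermissions", "userblock", "userdelete"}

# Constructed sample files, keyed by an assumed per-category filename.
SAMPLE_FILES = {
    "usermanagement.csv": (
        "timestamp,event,user,affected_user\n"
        "2024-01-10T09:00:01Z,login,alice,alice\n"
        "2024-01-10T09:05:44Z,userblock,admin,bob\n"
        "2024-01-10T09:06:10Z,secconfig,admin,\n"
    ),
    "grouppermissionmanagement.csv": (
        "timestamp,event,user,affected_user\n"
        "2024-01-10T10:12:00Z,changepermissions,admin,dq-admins\n"
        "2024-01-10T10:13:30Z,joingroup,admin,carol\n"
    ),
}

def write_sample_dir():
    """Write the constructed files into a fresh temporary audit directory."""
    audit_dir = tempfile.mkdtemp(prefix="edq-audit-")
    for name, body in SAMPLE_FILES.items():
        with open(os.path.join(audit_dir, name), "w", newline="") as fh:
            fh.write(body)
    return audit_dir

def scan_audit_dir(audit_dir, watchlist=WATCHLIST):
    """Return (timestamp, category, event, user, affected_user) hits, oldest first."""
    hits = []
    for name in sorted(os.listdir(audit_dir)):
        if not name.endswith(".csv"):
            continue
        with open(os.path.join(audit_dir, name), newline="") as fh:
            for row in csv.DictReader(fh):  # the first line supplies the headers
                if row.get("event") in watchlist:
                    # the category is the filename stem, since rows do not repeat it
                    hits.append((row["timestamp"], name[:-4], row["event"],
                                 row.get("user", ""), row.get("affected_user", "")))
    return sorted(hits)
```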