10 Understanding Oracle Access Management Reports
This chapter contains the following sections.
Note:
For large-scale deployments, it is recommended that you deploy a dedicated enterprise-class reporting solution. A solution based on tools such as Oracle Business Intelligence Enterprise Edition can provide the flexibility, automation, and performance required for a large-scale organizations.
10.1 About Reports in Oracle Access Management
Oracle Access Management integrates with Oracle Business Intelligence Publisher, which provides a pre-defined set of compliance reports. The data in the database audit store is exposed through pre-defined reports in Oracle Business Intelligence Publisher. These reports allow you to drill down the audit data based on various criteria, such as user name, time range, application type, and execution context identifier (ECID).
Out-of-the-box, there are several sample audit reports available with Oracle Access Management and accessible with Oracle Business Intelligence Publisher. You can also use Oracle Business Intelligence Publisher to create your own custom reports.
Oracle BI Enterprise Edition (Oracle BI EE) is a comprehensive set of enterprise business intelligence tools and infrastructure, including a scalable and efficient query and analysis server, an ad-hoc query and analysis tool, interactive dashboards, proactive intelligence and alerts, real-time predictive intelligence, and an enterprise reporting engine. Oracle BI EE is designed to bring greater business visibility and insight to a wide variety of users.
The components of Oracle Business Intelligence Enterprise Edition share a common service-oriented architecture, data access services, analytic and calculation infrastructure, metadata management services, semantic business model, security model and user preferences, and administration tools. Oracle Business Intelligence Enterprise Edition provides scalability and performance with data-source specific optimized analysis generation, optimized data access, advanced calculation, intelligent caching services, and clustering. The following are Oracle Access Management reporting features:
-
Select and view reports from a predefined list in the BI Publisher.
-
Filter report information.
-
View reports on-screen in the desired format.
-
Provide interactive reports.
10.2 Accessing Oracle Access Management Reports
To access Access Manager Reports, you must start BI Publisher and run them. BI Publisher cannot be accessed through the Access Manager Console. You must open BI publisher explicitly to access Access Manager reports.
Follow this procedure to start BI Publisher.
-
Navigate to Start, Oracle BI Publisher Desktop, Oracle - BIPHome10134 and click Start BI Publisher.
The Oracle BI Publisher Home page appears.
-
Enter the user name and password.
-
Click Sign In.
Follow this procedure to run a report.
10.3 Supported Output Formats
All BI Publisher reports are generated in a native XML format. This XML can be transformed into other output formats.
The following formats are supported:
-
HTML
-
PDF
-
RTF
-
MHTML
10.4 Classification of Reports for Access Manager
Access Manager Reports are classified based on functional area.
For example, Access Policy Reports, Attestation, Request and Approval Reports and Password Policy Reports are available. (It is no longer named Operational and Historical.) Oracle Access Manager Reports are classified into the following categories based on their functional areas:
10.4.1 Account Management Reports
The Accounts_Locked_Out Report is the account management report that allows administrators to view details about accounts that have been locked out.
Table 10-1 Accounts_Locked_Out Report Fields
Field | Description |
---|---|
User ID |
Identifier of the locked out user |
Timestamp |
Time stamp of the lockout |
Component/Application Name |
Component from which the user has been locked out |
Event Details |
Additional information |
10.4.2 Authentication Reports
Authentication reports allow administrators to view details regarding user authentications.
The reports include:
10.4.2.1 AuthenticationFromIPByUser
The AuthenticationFromIPByUser report contains details regarding failed and successful authentications from a particular IP address.
Table 10-2 AuthenticationFromIPByUser Report Fields
Field | Description |
---|---|
IP Address |
IP address of the client |
Distinct User Count |
Number of distinct users |
Total Attempts |
Number of authentication attempts from this IP address |
Users |
List of users attempting authentication from this IP address |
10.4.2.2 AuthenticationPerIP
The AuthenticationPerIP report contains details regarding failed and successful authentications from this IP address.
Table 10-3 AuthenticationPerIP Report Fields
Field | Description |
---|---|
IP Address |
IP address of the server |
Distinct Users |
Number of users authenticated |
Total Number of Attempts |
Number of authentication attempts (successful and failed) |
10.4.2.3 Authentication Statistics Report
The authentication report contains details regarding failed and successful authentications.
Table 10-4 Authentication_statistics Report Fields
Field | Description |
---|---|
Failure |
Failed (yes) or successful (no) authentication |
Userid |
Identifier of the user |
Number of Events |
Number of authentication events |
10.4.2.4 AuthenticationStatisticsPerServer Report
The AuthenticationStatisticsPerServer report contains details regarding failed and successful authentications from a particular server instance.
Table 10-5 AuthenticationStatisticsPerServer Report Fields
Field | Description |
---|---|
Server Instance Name |
Identifier of the server instance |
Success Count |
Number of successful authentications |
Failure Count |
Number of failed authentications |
10.4.3 Errors and Exceptions
The errors and exceptions report allows administrators to view errors and exceptions logged during the authentication process.
This report include:
10.4.3.1 All Errors and Exceptions
All Errors and Exceptions report contains details regarding errors and exceptions encountered during runtime.
Table 10-6 All Errors and Exceptions Report Fields
Field | Description |
---|---|
User ID |
Identifier of the locked out user |
Timestamp |
Time stamp of the lockout |
Component/Application Name |
Component from which the user has been locked out |
Client IP Address |
IP address of the client |
Message Event |
The error or exception |
Event Details |
Information regarding the error or exception |
10.4.3.2 Authentication Failures
The Authentication Failures report contains details regarding failed and successful authentications.
Table 10-7 Authentication Failures Report Fields
Field | Description |
---|---|
User ID |
Identifier of the locked out user |
Timestamp |
Time stamp of the lockout |
Component/Application Name |
Component from which the user has been locked out |
Client IP Address |
IP address of the client |
Authentication Method |
Authentication method |
Message Event Details |
Message regarding the failed authentication |
Authorization_Failures |
Authorization failure |
10.4.3.4 Authentication History
The Authentication History report contains details regarding failed and successful authentications.
Table 10-8 Authentication History Report Fields
Field | Description |
---|---|
User ID |
Identifier of the locked out user |
Timestamp |
Time stamp of the lockout |
Component/Application Name |
Component from which the user has been locked out |
Client IP Address |
IP address of the client |
Authentication Method |
Authentication method |
Message Event Details |
Message regarding the failed authentication |
Authorization_Failures |
Authorization failure |
10.4.3.5 Authorization History
The Authorization History report contains details regarding failed and successful authorizations.
Table 10-9 Authorization History Report Fields
Field | Description |
---|---|
User ID |
Identifier of the locked out user |
Timestamp |
Time stamp of the lockout |
Component/Application Name |
Component from which the user has been locked out |
Client IP Address |
IP address of the client |
Authentication Method |
Authentication method |
Message Event Details |
Message regarding the failed authentication |
Authorization_Failures |
Authorization failure |
10.5 About Creating Reports Using Third-Party Software
Access Manager supports the creation of reports by using third-party tools such as Crystal Reports.
To learn how to create reports by using third-party software, see the third-party software documentation. Additional information on the audit schema and creating custom reports can be found in the Securing Applications with Oracle Platform Security Services.