6 Using the Audit Framework with Enterprise Data Quality

This chapter explains how to enable and configure EDQ to log events with the Oracle Fusion Middleware Audit Framework.

When you install EDQ to operate in an Oracle WebLogic Server domain, you integrate it to log events in the Oracle Fusion Middleware Audit Framework. This auditing provides a measure of accountability and answers the "who has done what and when" types of questions. For detailed information about this auditing service, see "Introduction to Oracle Fusion Middleware Audit Service" in Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services 12c (12.1.3).

6.1 Enabling EDQ Audit Event Logging

To enable audit event logging, use the following procedure:

  1. Open the Enterprise Manager 11g Fusion Middleware Control application.

  2. Navigate to the EDQ domain in the Target Navigation Tree on the left of the window.

  3. Right-click the domain and select Security > Audit Policy.

  4. Select "EDQ" in the Audit Component Name field.

  5. Select "Custom" in the Audit Level field.

  6. Select the categories to log, and the events within those categories.

  7. Click Apply, or Revert to abandon the changes.

6.2 Configuring the EDQ Events

The EDQ event categories and types are as follows:

| Event Category | Event Types |
|---|---|
| User Management | Login, Logout, Password Change, Password Expire, User Blocked, User Blocked Temporarily, User Unblocked, User Created, User Updated, User Deleted, Security Configuration Updated. |
| Object Management | Create, Update, Delete. |
| Group Permission Management | Join group, Leave group, Leave all groups, Create group, Delete group, Change permissions. |


Note:

Object Management logs changes made to objects in the Project Browser of the Director application only, such as projects or processes.

It does not cover changes to objects made in other applications, such as Case Management.

The attributes that can be logged by event are listed in the following table. Note that not every attribute is available to each event type.

| Event Attribute | Description |
|---|---|
| Affected user | The name of the user for the logged event. |
| Login application | The name of the application that has been logged into. |
| Project Name | The name of the project containing the affected object. This attribute is left blank for system-level objects. |
| Item Type | The type of object created, modified or deleted. |
| Item Name | The name of the object created, modified or deleted. |
| Affected user | The name of the user affected by changes made by an administrator. |
| Affected group | The name of the group affected by changes made by an administrator. |
| Added Permissions | List of permissions added to a group. |
| Removed Permissions | List of permissions removed from a group. |


Once enabled, EDQ audits events by calling the central Oracle Fusion Middleware Audit Framework APIs. The audit events can then be stored either as files or in a database for compliance reporting purposes. For more information on how to store and report on the results of auditing, see Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services 12c (12.1.3).
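As an added illustration of reviewing stored audit events (this is not Oracle's code and does not use the Audit Framework's storage format), the following Python sketch checks an exported set of records against the event categories in section 6.2 and flags cases where the same account adds permissions to a group and then joins it. The CSV layout, the column names (including `initiator` for the account that performed the action), the user and group names and the permission names are all assumptions constructed for the example.

```python
import csv
import io

# Event categories and types exactly as listed in section 6.2.
EDQ_EVENTS = {
    "User Management": {
        "Login", "Logout", "Password Change", "Password Expire", "User Blocked",
        "User Blocked Temporarily", "User Unblocked", "User Created",
        "User Updated", "User Deleted", "Security Configuration Updated"},
    "Object Management": {"Create", "Update", "Delete"},
    "Group Permission Management": {
        "Join group", "Leave group", "Leave all groups", "Create group",
        "Delete group", "Change permissions"},
}

# Constructed sample export; the CSV layout and column names are assumptions.
SAMPLE = """\
timestamp,initiator,category,event_type,affected_user,affected_group,added_permissions
2024-05-01T09:00:00,alice,User Management,Login,alice,,
2024-05-01T09:05:00,admin1,Group Permission Management,Change permissions,,Reviewers,Delete Project;Run Jobs
2024-05-01T09:06:00,admin1,Group Permission Management,Join group,admin1,Reviewers,
2024-05-01T09:07:00,admin2,Group Permission Management,Join group,bob,Reviewers,
2024-05-01T09:08:00,carol,Object Management,Rename,,,
"""

def review(csv_text):
    """Return (unknown_events, permission_grants, self_joins) from an export."""
    unknown, grants, self_joins = [], [], []
    widened = set()  # (initiator, group) pairs where permissions were added
    for row in csv.DictReader(io.StringIO(csv_text)):
        cat, ev = row["category"], row["event_type"]
        if ev not in EDQ_EVENTS.get(cat, set()):
            # Not in the documented table: parsing error or unexpected source.
            unknown.append((row["timestamp"], cat, ev))
            continue
        who, group = row["initiator"], row["affected_group"]
        if ev == "Change permissions" and row["added_permissions"]:
            grants.append((who, group, row["added_permissions"].split(";")))
            widened.add((who, group))
        elif (ev == "Join group" and row["affected_user"] == who
              and (who, group) in widened):
            # Same account widened a group's permissions, then joined it.
            self_joins.append((row["timestamp"], who, group))
    return unknown, grants, self_joins

if __name__ == "__main__":
    for name, items in zip(("unknown", "grants", "self-joins"), review(SAMPLE)):
        print(name, items)
```

The self-join check only produces results if both "Change permissions" and "Join group" were selected in the Custom audit policy in section 6.1.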