This chapter explains how to enable and configure EDQ to log events with the Oracle Fusion Middleware Audit Framework.
This chapter includes the following sections:
When you install EDQ to operate in an Oracle WebLogic Server domain, you integrate it to log events in the Oracle Fusion Middleware Audit Framework. This auditing provides a measure of accountability and answers the "who has done what and when" types of questions. For detailed information about this auditing service, see "Introduction to Oracle Fusion Middleware Audit Service" in Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services.
To enable audit event logging, use the following procedure:
Open the Enterprise Manager 12c Fusion Middleware Control application.
The path to this application is
http://[servername]:[weblogic server admin port, e.g. 7001]/em
Navigate to the EDQ domain in the Target Navigation Tree on the left of the window.
Right-click the domain and select Security > Audit Policy.
Select "EDQ" in the Audit Component Name field.
Select "Custom" in the Audit Level field.
Select the categories to log, and the events within those categories.
Click Apply, or Revert to abandon the changes.
The EDQ event categories and types are as follows:
Event Category | Event Types |
---|---|
Asset Transfer | Import Package |
Case Management | Bulk Delete, Bulk Update, Bulk Assignment, Display Data edited, Export, Edit, Assignment updated, State changed, Comment added, Comment deleted, Comment edited, Attachment added, Attachment deleted |
Case Management Admin | Case Source Added, Case Source Imported, Case Source Deleted, Permission Added, Permission Modified, Permission Deleted, Workflow Added, Workflow Imported, Workflow Deleted, Parameter Added, Parameter Modified, Parameter Deleted, Reception Action Added, Reception Action Modified, Reception Action Deleted, Reception Transition Added, Reception Transition Modified, Reception Transition Deleted, State Transition Added, State Transition Modified, State Transition Deleted, Workflow State Added, Workflow State Modified, Workflow State Deleted |
Group Permission Management | Join group, Leave group, Leave all groups, Create group, Delete group, Change permissions. |
Launchpad Management | Extension Add, Extension Delete, Front Page Update |
Object Management | Create, Update, Delete. |
User Management | Login, Logout, Password Change, Password Expire, User Blocked, User Blocked Temporarily, User Unblocked, User Created, User Updated, User Deleted, Security Configuration Updated. |
The attributes that can be logged by event and the corresponding Custom Attribute Slot are listed in the following table. Please note that this is not a complete list.
Event Attribute | Description | Custom Attribute Slot |
---|---|---|
Affected user | The name of the user for the logged event. | IAU_STRING_001 |
Login application | The name of the application that has been logged into. | IAU_STRING_002 |
Project Name | The name of the project containing the affected object. This attribute is left blank for system-level objects. | IAU_STRING_003 |
Item Type | The type of object created, modified or deleted. | IAU_STRING_004 |
Item Name | The name of the object created, modified or deleted. | IAU_STRING_005 |
Affected user | The name of the user affected by changes made by an administrator. | IAU_STRING_006 |
Affected group | The name of the group affected by changes made by an administrator. | IAU_STRING_007 |
Added Permissions | List of permissions added to a group. | IAU_LONGSTRING_001 |
Removed Permissions | List of permissions removed from a group. | IAU_LONGSTRING_002 |
Custom attributes are stored in the iau_custom
table. For more information, see "Audit Reporting with the Dynamic Metadata Model" in Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services. The generic attributes for the event are stored in the iau_common
table. Both of these are in the IAU schema ([RCUPREFIX]_IAU
).
Once enabled, EDQ audits events by calling the central Oracle Fusion Middleware Audit Framework APIs. The audit events can then be stored either as files or in a database for compliance reporting purposes. For more information on how to store and report on the results of auditing, see Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services.