Tuesday, November 13, 2007

Audit users in Oracle Applications

Oracle Applications has two types of audit:
1) Audit users who sign on to Oracle Applications
2) Audit changed data in database

In this post I'm going to write about the first audit and the next post will be on the second type.

It all begins with the "Sign-On:Audit Level" profile.
This profile can be set to one of four possible values at site level, and setting it is all you need to do in order to enable sign-on auditing:
1) NONE – no audit enabled (Default value)
2) USER – audits user logins to the system: the logon time and the logoff time.
3) RESPONSIBILITY – audits all of the above, plus which responsibilities the user chose and how long he stayed in each responsibility.
4) FORM – audits all of the above, plus which forms the user used and how long he stayed in each form.

Each level populates the following audit information tables:
1) USER – populates the FND_LOGINS table only.
2) RESPONSIBILITY – populates FND_LOGINS and FND_LOGIN_RESPONSIBILITIES tables.
3) FORM – populates FND_LOGINS, FND_LOGIN_RESPONSIBILITIES and FND_LOGIN_RESP_FORMS tables.

About those tables:

FND_LOGINS – holds information about user logins to the system: when and for how long.
This table holds one row for each login.

FND_LOGIN_RESPONSIBILITIES – holds information about changes of responsibility: when, and how long the user stayed in each responsibility.
For each change this table holds one row with values that identify the user's login session, the user's current responsibility, and when the user was in that responsibility.

FND_LOGIN_RESP_FORMS – holds information about form usage: when and for how long.
This table holds one row for each form used in the same session, with values that identify the user's login session, the current responsibility, and when and for how long each form was used.
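The three tables described above can be read together in one query. The following is an added example, not part of the original post: FND_USER, FND_RESPONSIBILITY_TL and FND_FORM_TL and all column names are assumed from the standard 11i FND schema (check them with DESCRIBE on your instance), and the 7-day window is chosen only for illustration.

```sql
-- Added example: sign-on audit trail for the last 7 days.
-- Outer joins are used so the query returns rows at every audit level:
--   USER           -> only the login columns are filled
--   RESPONSIBILITY -> login + responsibility columns are filled
--   FORM           -> all columns are filled
-- A NULL *_minutes value means no end time was recorded for that row
-- (the session is still open or the logoff was not captured).
SELECT u.user_name,
       l.login_id,
       l.start_time                                  AS login_start,
       l.end_time                                    AS login_end,
       ROUND((l.end_time - l.start_time) * 24 * 60)  AS login_minutes,
       rt.responsibility_name,
       r.start_time                                  AS resp_start,
       ROUND((r.end_time - r.start_time) * 24 * 60)  AS resp_minutes,
       ft.user_form_name,
       f.start_time                                  AS form_start,
       ROUND((f.end_time - f.start_time) * 24 * 60)  AS form_minutes
FROM   fnd_logins l
       JOIN fnd_user u
         ON u.user_id = l.user_id
       -- one row per responsibility chosen within the login session
       LEFT JOIN fnd_login_responsibilities r
         ON r.login_id = l.login_id
       LEFT JOIN fnd_responsibility_tl rt
         ON  rt.responsibility_id = r.responsibility_id
         AND rt.application_id    = r.resp_appl_id
         AND rt.language          = USERENV('LANG')
       -- one row per form opened under that responsibility
       LEFT JOIN fnd_login_resp_forms f
         ON  f.login_id      = r.login_id
         AND f.login_resp_id = r.login_resp_id
       LEFT JOIN fnd_form_tl ft
         ON  ft.form_id        = f.form_id
         AND ft.application_id = f.form_appl_id
         AND ft.language       = USERENV('LANG')
WHERE  l.start_time >= SYSDATE - 7
ORDER  BY l.start_time, r.start_time, f.start_time;
```

If the responsibility and form columns come back empty for every row, the audit level in effect when those sessions were recorded was lower than RESPONSIBILITY or FORM.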

To see the user audit information, there are 5 reports (concurrent programs) that you can use:
1) Signon Audit Concurrent Request
Shows audit information for all concurrent requests run in the system: the user who ran each request, when, and from which responsibility and form.

2) Signon Audit Forms
Shows audit information about which user entered which form, when and for how long.

3) Signon Audit Responsibilities
Shows audit information about which user chose which responsibility, when, and how long he stayed in each responsibility.

4) Signon Audit Unsuccessful Logins
Shows audit information about unsuccessful logins to Oracle Applications.

5) Signon Audit Users
Shows audit information about who signed on, when and for how long.


- In addition, there is a monitor screen where you can see online data about the users connected to the system, which responsibility and form they are using, and how long they have been connected.
You can open this monitor from:
System Administrator responsibility -> Security -> User -> Monitor.

- To inform users about unsuccessful logins to their account, you can set the “Sign-On:Notification” profile to Yes.


For more information about auditing, see "Oracle Applications System Administrator’s Guide - Security Release 11i" - Chapter 5 - User and Data Auditing.

You are welcome to leave a comment.

Aviad

6 comments:

Anonymous said...

Great information. Very simple and to the point

Anonymous said...

Perfect concise instructions

Anonymous said...

Perfect concise instructions

Hemchand said...

I have the below questions:
1) What is meant by the term 'Concurrent Users'?
2) How to check whether a company has violated the Oracle Apps license or not?

Appreciate your quick response.

Aviad said...

Hi Hemchand,

1) "Concurrent Users" = how many users are using the system at the same time.

2) I'm pretty sure that the system doesn't know how many concurrent users you purchased in your license.
The system doesn't enforce it.

Aviad

Sheena said...

Hi, good article. I have a problem though:
In my environment, the fnd_logins and Icx-sessions tables do not get an end date when the user logs off. Would appreciate any ideas why.

Thanks!
Sheena