Audit Trail Reporting

Enable Audit trails for Oracle appstablesPosted by Abhijit Ray April 8, 2012 1 Comment Filed Under audit installations, audit query, audit tables, audittrail group, audittrail update tables, FND_AUDIT_COLUMNS, fnd_audit_groups, FND_AUDIT_TABLES, fnd_tables The audit trail functionality in Oracle apps allows Apps administrators to monitordata changes made on Oracle tables. Audit trail is not enabled by default as this means additional load on the server. Once audit trail is enabled for a particular table, Oracle creates a table with the same name and appends _Ato the table name and creates the table with the table columns that have been selected for audit.For instance if audit is enabled for the seeded table AP_CHECKS_ALL then Oracle will create an audit table named, AP_CHECKS_ALL_A, with the selected audit columns on AP_CHECKS_ALL. Then all records inserted, updated and deleted in AP_CHECKS_ALLwill be recorded in AP_CHECKS_ALL_A.We shall create audit trails for 2 tables, AP_BANK_BRANCHES and AP_BANK_ACCOUNTS_ALLto demonstrate the functionality.Login to Oracle Apps and go to System Administrator responsibility.Step 1: Enable audit for the instanceSet the value of profile Option, AuditTrail:Activate, on the Site level to Yes.Navigation: Profile > System

Save and close the form.Step 2: Get the application nameGet the Application name for the 2 tablesExecute the following query to get the user table names and the application names,1234SELECT ft.table_name, ft.user_table_name, fav.application_short_name, fav.application_nameFROM fnd_application_vl fav, fnd_tables ftWHERE ft.table_name IN ('AP_BANK_BRANCHES', 'AP_BANK_ACCOUNTS_ALL')AND ft.application_id = fav.application_id

We have checked that both tables belong to Payables application. Step 3: Enable audit for the applicationEnable audit for the application to which the base tables belong.Navigation: Security > Audit > Install

Check the box named, Audit Enabled, for Payables. Save and close the form. Step 4: Add table for auditingThe table has to be added in Oracle for auditingNavigation: Security > AuditTrail > TablesQuery for the tables, AP_BANK_BRANCHES and AP_BANK_ACCOUNTS_ALLand select the columns on which auditing will be done.

AP_BANK_ACCOUNTS_ALL

Step 5: Create AuditTrail groupCreate AuditTrail group for the tablesNavigation: Security > AuditTrail > GroupsCreate new Audit Trail groupEnter the values as,Application Name: PayablesAudit Group: AP Audit GroupGroup State: EnabledDescription: Audit enabled for AP tablesAudit TablesEnter the table names in User Table Name and Table Name, i.e. AP_BANK_BRANCHES and AP_BANK_ACCOUNTS_ALL.Note that the User Table Name and Table Names should match to the entries in Step 2.

Save and close the form. Step 6: Generate the audit tablesWe need to execute a seeded program to generate the audit tables that will store the audit data.Navigation: View > RequestsExecute the concurrent program, AuditTrail Update Tables

On program completion,

Check the log file,1234567891011121314151617181920212223242526272829303132333435363738394041424344454647+---------------------------------------------------------------------------+Application Object Library: Version : 11.5.0Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved.FNDATUPDmodule: AuditTrail Update Tables+---------------------------------------------------------------------------+Current system time is 03-APR-2012 13:40:23+---------------------------------------------------------------------------+----->Expand RowscommitDELETE FROM FND_AUDIT_TABLES WHERE STATE = 'X'DELETE FROM FND_AUDIT_COLUMNS C WHERE C.STATE = 'P' AND NOT EXISTS (SELECT NULL FROM FND_AUDIT_TABLES T WHERE T.TABLE_APP_ID = C.TABLE_APP_ID AND T.TABLE_ID = C.TABLE_ID AND T.STATE !='X')----->Update Pending Columnscommit----->Delete Invalid Columnscommitupdate fnd_audit_groups g set g.state='E' where g.state = 'R' and not exists (select NULL from fnd_audit_tables t where t.audit_group_id = g.audit_group_id and t.audit_group_app_id = g.application_id and t.state != 'E')commit----->Update Triggerscommit+---------------------------------------------------------------------------+Start of log messages from FND_FILE+---------------------------------------------------------------------------++---------------------------------------------------------------------------+End of log messages from FND_FILE+---------------------------------------------------------------------------++---------------------------------------------------------------------------+Executing request completion options...Output is not being printed because:The print option has been disabled for this report.+------------- 1) PRINT -------------++--------------------------------------+

Now all changes made in Step 2 have been updated in the database.Audit programs given by OracleProgram NameDescription

Audit Trail Update Tables This program activates auditing on selected tables to be audited in Oracle. This program creates a shadow table for each audited table and creates triggers on each audited column in the original table.The shadow table has the same name as the audited table appended with _A. Two views are created for each column with the names _AC# and _AV# where # is a sequential number.

Audit Trail Update Datetracked TablesThis program to activate the date tracked columns only for HRMS tables. For each date tracked table, this process creates an index on the shadow table and creates a function named as, _TT, and a procedure named as, _VP, to extract information from the shadow table when you run the predefined audit report.

Audit ReportScheduling the Audit Report, will populate the data into the HR_AUDITtable for the HRMS Date tracked Tables. Schedule the Audit Report individually for each HRMS Audit Table.Schedule the Audit Report with the paramaters as Follows:Table Name : HRMS Audit Table NameInitialization : YesUserName : (Audit User Name)Start Date : (Audit From Date)End Date : (Audit To Date)HRMS Audit Tables

PER_ALL_PEOPLE_F

PER_ALL_ASSIGNMENTS_F

PAY_ELEMENT_ENTRIES_F

PAY_ELEMENT_ENTRY_VALUES_F

PAY_INPUT_VALUES_F

PER_ABSENCE_ATTENDANCES

PER_PERIODS_OF_SERVICE

PER_PAY_PROPOSALS

Step 7: Check the audit database objectsCheck whether all the database objects have been created or not1234SELECT object_name, object_typeFROM all_objectsWHERE object_name LIKE 'AP_BANK_BRANCHES_A%'OR object_name LIKE 'AP_BANK_ACCOUNTS_ALL_A%'

OutputOBJECT NAMEOBJECT TYPE

AP_BANK_ACCOUNTS_ALL_ATABLE

AP_BANK_ACCOUNTS_ALL_ASYNONYM

AP_BANK_BRANCHES_ATABLE

AP_BANK_BRANCHES_ASYNONYM

AP_BANK_ACCOUNTS_ALL_AIPPROCEDURE

AP_BANK_ACCOUNTS_ALL_AUPPROCEDURE

AP_BANK_ACCOUNTS_ALL_ADPPROCEDURE

AP_BANK_ACCOUNTS_ALL_AHTRIGGER

AP_BANK_ACCOUNTS_ALL_AITRIGGER

AP_BANK_ACCOUNTS_ALL_ATTRIGGER

AP_BANK_ACCOUNTS_ALL_AUTRIGGER

AP_BANK_ACCOUNTS_ALL_ACTRIGGER

AP_BANK_ACCOUNTS_ALL_ADTRIGGER

AP_BANK_ACCOUNTS_ALL_AV1VIEW






























AP_BANK_ACCOUNTS_ALL_AC1VIEW

AP_BANK_BRANCHES_AIPPROCEDURE

AP_BANK_BRANCHES_AUPPROCEDURE

AP_BANK_BRANCHES_ADPPROCEDURE

AP_BANK_BRANCHES_AHTRIGGER

AP_BANK_BRANCHES_AITRIGGER

AP_BANK_BRANCHES_ATTRIGGER

AP_BANK_BRANCHES_AUTRIGGER

AP_BANK_BRANCHES_ACTRIGGER

AP_BANK_BRANCHES_ADTRIGGER

AP_BANK_BRANCHES_AV1VIEW

























AP_BANK_BRANCHES_AC1VIEW

Describe one of the tables for which we enabled audit now. Say, AP_BANK_BRANCHES. You will find several triggers on this table that have been added by the AuditTrail Update Tablesprogram. These triggers will ensurethat the audit data is populatedin the audit tables as soon as there is DMLoperation on the tables on which audit has been turned on.

The program has created these triggers along with other database objects given in the list above.Note: All audit metadata is stored in the following tables,1. FND_AUDIT_SCHEMAS2. FND_AUDIT_TABLES3. FND_AUDIT_COLUMNS4. FND_AUDIT_GROUPS Testing audit trailNow audit is enabled for these 2 tables. Let us test the functionality by making changes on the bank accounts and branches.Open the Bank Account form.Responsibility: AP responsibilityNavigation: Setup > Payment > BanksQuery for an existing bank branch

Update the alternate name of the Bank to Test Branch.

Save the form.Query the database,1select * from AP_BANK_BRANCHES_A where bank_branch_id = 633265 order by audit_timestamp desc

Note that all audit tables are named in the order of, _A. That means if the base table name is AP_BANK_BRANCHES then the audit table name corresponding to this table will be named, AP_BANK_BRANCHES_AScroll right to see the data

Note that the bank_branch_id is 633265We shall now see how the audit report looks like.Responsibility: System AdministratorNavigation: Security > AuditTrail > Audit Trail Reporting > Audit Query Navigator

Drop down the Functional Groups section

Select AP Audit Group as the AP_BANK_BRANCHES table is in this group (as set up in Step 3 above). Select this group.

Now select the table AP_BANK_BRANCHES table,

Now all the modified bank branches are shown. We can select the bank branch id, 633265, for the bank branch by scrolling down.

Select the bank branch id, 633265. A new form opens with the details of change on this bank branch.

2 lines are shown for this bank branch. The line with Transaction Type, Current, is for the latest values of the bank branch. Click on Vertical View button.

After scrolling down in the Details section, you can see the previous value of BANK_NAME_ALTcolumn in the table contains the current value, Test branch, and the old value was null.Now go back to the Bank branch form and query for the same bank branch.Update the Alternate Name field of the bank to Updated Again.Now if you check the audit trail form again you will see the latest record as shown below,

Click on the 2ndrecord. This is the record which was created for the previous update on the Bank Branch.

Note that the field now shows the previous value and compares the value with the current value. This means that any record entered in the master record is compared with next the audit record.We can query for the record in the database as well.123SELECT audit_timestamp, audit_sequence_id, audit_transaction_type, audit_user_name, bank_name_altFROM ap_bank_branches_aWHERE bank_branch_id = 633265

Note that the current record can be compared with the previous value. For every update on a record the audit_sequence_id will increment by 1.Let us make changes using another Bank Branch on the same fields multiple times. Ensure that the form is changedeach time the values are changed. Query the audit table in the database once again with the same query,This bank branch id is 6888971234SELECT audit_timestamp, audit_sequence_id, audit_transaction_type, audit_user_name, bank_name_alt, bank_branch_name_altFROM ap_bank_branches_aWHERE bank_branch_id = 688897order by 1

Note that AUDIT_SEQUENCE_IDcolumn is incrementedby 1 for each update made on the same data or record in the base table. This is the audit process for any table that has to be monitored by the administrators/usersAudit trails can beenabled for custom tables also provided the tables are registered in Oracle Apps. We shall talk about table registration in a follow-up article later on.

Audit trailreportingPosted by Abhijit Ray October 27, 2012 Leave a Comment Filed Under Audit Group, Industry template This article talks about the process of getting audit reports from Oracle. We have used the same setup that we have discussed in this article.Setup Audit Trail ReportsResponsibility: System AdministratorStep 1: Create a new Audit Industry TemplateNavigation: Security > AuditTrail > Audit Trail Reporting > Audit Industry Template

Query the form to check if any existing Industry template exists or not.

We find an already existing template and therefore we shall not create another industry template. Add the Group as the Functional Group in this template.

Select AP Audit group.

Save and close the form.

Step 2: Set the audit reportNavigation: Security > AuditTrail > Audit Trail Reporting > Audit Report

Enter the details

Click on Select Columns button.

Select the columns for which you want to run the report. We have selected 1 column, BANK_ACCOUNT_NUM, from the table, AP_BANK_ACCOUNTS_ALL.Click on Print Options button.

It opens the printing options window and you can enter the printer details if you want to. We do not want the report to be printed to a printer and so we shall click on Cancel button to come back to the Select Reporting Columns form.On the Select Reporting Columns form click on Run Report button.

The report is submitted and the request id is displayed. Now go to View > Requests > Find to check the concurrent requests.

Click on View Output button.

The output will display all changes made by SA1 user on the BANK_ACCOUNT_NUM column of this table.The report in text format,12345678910111213141516171819202122232425262728293031Page : 1Functional Group : AP Audit groupTable Name : AP_BANK_ACCOUNTS_ALLTransaction Type : User Name : SA1Date Range : -Table Name : AP_BANK_ACCOUNTS_ALLRecord ID : 22401Audit Audit Audit User BANK_ACCOUNT_Timestamp Transaction Name NUMType--------------------------------------------------------------------------------------------------------------07-JUN-12 11:22 Update SA1 088104294001Record ID : 38381Audit Audit Audit User BANK_ACCOUNT_Timestamp Transaction Name NUMType--------------------------------------------------------------------------------------------------------------12-JUN-12 12:18 Update SA1 20000178816412-JUN-12 12:17 Update SA1 20000178816412-JUN-12 12:01 Update SA1 20000178816412-JUN-12 12:01 Update SA1 20000178816412-JUN-12 12:00 Update SA1 200001788163Record ID : 38546Audit Audit Audit User BANK_ACCOUNT_Timestamp Transaction Name NUMType--------------------------------------------------------------------------------------------------------------12-JUN-12 18:32 Update SA1 0000123000112-JUN-12 18:32 Update SA1 0000123000112-JUN-12 18:32 Insert SA1 00001230001

Check changes on all the columns on this table,AP_BANK_ACCOUNTS_ALL.Navigation: View > Requests > Single RequestRun the program named, Audit Report.Enter the parameters as,Table Name: AP_BANK_ACCOUNTS_ALLInitialization: Yes

Click on OK and submit the request.

Once the request completes, click on View Output button. The report looks like the following,

In text the report is like this, Audit Report

Report Date: 11-09-2012 14:43

Report Parameters

Table Name: AP_BANK_ACCOUNTS_ALL

Table Type: Non-datetracked

User: SA1

Start Date: (s7B01-JAN-01(s0B

End Date: (s7B31-DEC-12(s0B

Audit Report

Table Name: AP_BANK_ACCOUNTS_ALL Report Date: 11-09-2012 14:43

Primary Key: BANK_ACCOUNT_ID Page: 1

----------------------------------------------------------------------------

Audit Timestamp: 07-06-2012 11:22 Primary Key Value: 22401

Audit Session Id: 60917890 Transaction Type: Normal Update

User Name: SA1

Column Name Old Value New Value

----------- --------- ---------

Last Update Date 16-02-2011 07-06-2012

Last Updated By 1176 12691

Last Update 13824409 20301599

Login

----------------------------------------------------------------------------



User Name: SA1


----------- --------- ---------

Last Update Date 14-02-2012 12-06-2012

Inactive Date 14-02-2012

Last Updated By 1962 12691

Last Update 19099472 20365176

Login

----------------------------------------------------------------------------



User Name: SA1


----------- --------- ---------

Bank Account Num 200001788163 200001788164

Last Update Date 12-06-2012 12-06-2012

----------------------------------------------------------------------------



User Name: SA1


----------- --------- ---------

Last Update Date 12-06-2012 12-06-2012


----------------------------------------------------------------------------



User Name: SA1


----------- --------- ---------

Last Update Date 12-06-2012 12-06-2012


Audit Report



----------------------------------------------------------------------------



User Name: SA1


----------- --------- ---------

Last Update Date 12-06-2012 12-06-2012


----------------------------------------------------------------------------


Audit Session Id: 61037197 Transaction Type: Normal Insert

User Name: SA1

Column Name New Value

----------- ---------

Created By 12691

Bank Account Test

Name

Bank Account Num 00001230001

Currency Code INR

Multi Currency Y

Flag

Last Update Date 12-06-2012

Creation Date 12-06-2012

Last Updated By 12691

Last Update 20366178

Login

Bank Branch Id 762018

Set Of Books Id 1004

Zero Amounts N

Allowed

Account Type INTERNAL

Org Id 360

----------------------------------------------------------------------------



User Name: SA1


----------- --------- ---------

Last Update Date 12-06-2012 12-06-2012


----------------------------------------------------------------------------



User Name: SA1


----------- --------- ---------

Last Update Date 12-06-2012 12-06-2012


Audit Report



***** End Of Report *****This report also gives us the audit data in a different format. Using these seeded audit reports all changes can be tracked and monitored by administrators. For specific requirements alerts for alerting administrators for certain changes or custom reports (AP_BANK_ACCOUNTS_ALL_A table) can be built to analyze the data.

28

Documents

Audit Trail Reporting