md50 audit tables_v1.0.docx

-

Incomm – Audit Trail/Shadow Tables

MD.050 APPLICATION EXTENSION FUNCTIONAL DESIGN

AR Customer Audit Trail/Shadow Table Implementation

Author: Viren SharmaCreation Date: July 06, 2015Last Updated: July 23, 20155Document Ref:Version: 1.0

Approvals:

Lisa Thompson

Justina Houston

-


Document Control

Change Record

Date Author Version Change Reference

07/07/15 Viren Sharma 1

Reviewers

Name Position

Justina Houston Oracle Production Support Manager

Distribution

Copy No. Name Location

12


-

Contents

Document Control..................................................................................................................

Introduction .............................................................................................................................

Purpose ............................................................................................................................. Scope.................................................................................................................................. Objectives ..........................................................................................................................

Setup .........................................................................................................................................

Set profile Option.................................................................................................................... Install ....................................................................................................................................... . Define the Audit Group ......................................................................................................... Define the Audit Columns.....................................................................................................

Creating Audit Tables ............................................................................................................

AuditTrail Update Tables ...................................................................................................... Tables Schema created ......................................................................................................... AuditTrail Report for Audit Group Validation ................................................................

Creating Reports ...................................................................................................................

Create an Audit Template ................................................................................................... Audit Hierarchy Navigator ................................................................................................. Audit Query Navigator........................................................................................................ Audit Report..........................................................................................................................

Disabling Audit Tables ........................................................................................................

Disable Prepare for Archive ................................................................................................ Disable Interrupt Audit .......................................................................................................Disable Purge Table..............................................................................................................

Open and Closed Issues - Remarks ....................................................................................

Open Issues..................................................................................................................... Closed Issues ..................................................................................................................

-

IntroductionThis document is a guide on the steps to perform to implement an audit on ARtables.

Purpose This is a description of the setup needed to be done before launching the creation of the audit tables. There is also a possibility to launch a concurrent program to check whether the audit objects have been well created.Once the audit on AR table is in place, records are populated as long as activity on the tables is seen and the audit is kept on running.

Scope

The screen shots have been copied from an instance having the characteristics below:

• RDBMS 11.1.0.7• Oracle Application 12.1.2• Aim: enabling audit table on Customer Tables for some given

columns

Objectives

At the end of this document the reader should be able to enabling the audit table for any table.

4

-

Setup

Set Profile Option

Log in with the responsibility: System AdministratorNavigation Path: System/profile

Query on profile option: AuditTrail:Activate

Ensure that this profile option is set to yes at site level and not overwritten by a No at application level (valid values are yes or null when it is defined at site level as indicated above). It is preferred to set it as application level to avoid a mass audit creation.

-

Install

Log in with the responsibility: System AdministratorNavigation Path: Security/AuditTrail/Install

Query on profile option: Oracle Username: AR

Ensure that the user account for Oracle Receivables is checked as enabled for audit. If not, click in the check box and save.

-

Define the Audit Group

Log in with the responsibility: System AdministratorNavigation Path: Security/AuditTrail/Groups

Create an audit group for the application Payment

List all the Oracle Payments/Receivables tables that you wish to include in that same audit group. In our example we are defining an audit on below table:

RA_CUST_RECEIPT_METHODSHZ_CUST_ACCT_SITES_ALLHZ_CUST_SITE_USIBY_EXT_BANK_ACCOUNTS

-Define the Audit Columns

Log in with the responsibility: System AdministratorNavigation Path: Security/AuditTrail/Tables

Query on the Table Name RA_CUST_RECEIPT_METHODS.

The primary key: CUST_RECEIPT_ID should be listed by default as shown above. To insert new lines for the other columns you would like to include in the audit, click in the field below RECEIPT_METHOD_ID in the second row.

-

Creating Audit TablesAt this stage the audit tables are not created as yet. For this you need to launch a concurrent program.

AuditTrail Update Tables

Log in with the responsibility: System AdministratorNavigation Path: Requests/Run

Submit the report: Audit Trail Update Tables

-

The log of this program shows the activity performed for the table RA_CUST_RECEIPT_METHODS:

log showing :…----->Create Standard TriggersCREATE OR REPLACE PROCEDURERA_CUST_RECEIPT_METHODS_AIP(A0 IN NUMBER,JB IN NUMBER,E0 IN NUMBER,RB IN NUMBER )ASROWKEY number;NXT number;CMT number;NUSER varchar2(100);nls_date_fmt VARCHAR2(40);BEGINselect value into nls_date_fmt from v$NLS_PARAMETERS where parameter='NLS_DATE_FORMAT';execute IMMEDIATE 'alter session set nls_date_format="MM/DD/YYYY HH24:MI:SS"';NXT:=FND_AUDIT_SEQ_PKG.NXT;CMT:=FND_AUDIT_SEQ_PKG.CMT;ROWKEY:=(TO_NUMBER(TO_CHAR(SYSDATE,'YYYYMMDDHH24MISS'))*100000 +MOD(NXT,100000)) * 100000 + USERENV('SESSIONID');NUSER:=FND_AUDIT_SEQ_PKG.USER_NAME;INSERT INTO RA_CUST_RECEIPT_METHODS_A VALUES(SYSDATE,'I',NUSER,NULL,USERENV('SESSIONID'),NXT,CMT,ROWKEY,E0,NULL);execute IMMEDIATE 'alter session set nls_date_format="'||nls_date_fmt||'"';

END RA_CUST_RECEIPT_METHODS_AIP;

…

Tables Schema createdExecute the following sql statement in a Sql*Plus session:

-

Audit Trail Report for Audit Group Validation

Log in with the responsibility: System Administrator

Navigation Path: Requests/Run

Submit the report: Audit Trail Report for Audit Group ValidationBy choosing the audit group in parameters: in our example: Audit AR Tables R12.

-

The log file shows the result of the check:

+---------------------------------------------------------------------------+Application Object Library: Version : 12.0.0

Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved.

FNDATRPT module: AuditTrail Report for Audit Group Validation+---------------------------------------------------------------------------+

Current system time is 07-JUL-2015 14:54:29

+---------------------------------------------------------------------------+

**Starts**07-JUL-2015 14:54:29**Ends**07-JUL-2015 14:54:30+---------------------------------------------------------------------------+Start of log messages from FND_FILE+---------------------------------------------------------------------------+Profile Option AuditTrail:Activate is N------------------------------------------------------------------------Audit Group Name is AR Customer Audit- Audit Group Table Name : HZ_CUST_ACCT_SITES_ALL- Audit Group Oracle Username : AR is Audit Enabled- Audit Group Table : HZ_CUST_ACCT_SITES_ALL is VALID- Audit Group Table Synonym : HZ_CUST_ACCT_SITES_ALL is VALID- Audit Group Shadow Table : HZ_CUST_ACCT_SITES_ALL_A is VALID- Audit Group Shadow Table Synonym: HZ_CUST_ACCT_SITES_ALL_A_A is VALID- Audit Group Trigger : HZ_CUST_ACCT_SITES_ALL_AI is VALID- Audit Group Trigger : HZ_CUST_ACCT_SITES_ALL_AU is VALID- Audit Group Trigger : HZ_CUST_ACCT_SITES_ALL_AD is VALID- Audit Group Procedure : HZ_CUST_ACCT_SITES_ALL_AIP is VALID- Audit Group Procedure : HZ_CUST_ACCT_SITES_ALL_AUP is VALID- Audit Group Procedure : HZ_CUST_ACCT_SITES_ALL_ADP is VALID- Audit Group View : HZ_CUST_ACCT_SITES_ALL_AV1 is VALID- Audit Group View : HZ_CUST_ACCT_SITES_ALL_AV2 is VALID- Audit Group View : HZ_CUST_ACCT_SITES_ALL_AV3 is VALID- Audit Group View AV% : 3 out of 3 View(s) are present in the database.- Audit Group View : HZ_CUST_ACCT_SITES_ALL_AC1 is VALID- Audit Group Table HZ_CUST_ACCT_SITES_ALL is not missing any columns present in shadow table HZ_CUST_ACCT_SITES_ALL_A - Audit Group Table HZ_CUST_ACCT_SITES_ALL is not present in any other Audit Groups - Audit Group Table Name : RA_CUST_RECEIPT_METHODS- Audit Group Oracle Username : AR is Audit Enabled- Audit Group Table : RA_CUST_RECEIPT_METHODS is VALID- Audit Group Table Synonym : RA_CUST_RECEIPT_METHODS is VALID- Audit Group Shadow Table : RA_CUST_RECEIPT_METHODS_A is VALID- Audit Group Shadow Table Synonym: RA_CUST_RECEIPT_METHODS__A is VALID- Audit Group Trigger : RA_CUST_RECEIPT_METHODS_AI is VALID- Audit Group Trigger : RA_CUST_RECEIPT_METHODS_AU is VALID- Audit Group Trigger : RA_CUST_RECEIPT_METHODS_AD is VALID- Audit Group Procedure : RA_CUST_RECEIPT_METHODS_AIP is VALID- Audit Group Procedure : RA_CUST_RECEIPT_METHODS_AUP is VALID- Audit Group Procedure : RA_CUST_RECEIPT_METHODS_ADP is VALID- Audit Group View : RA_CUST_RECEIPT_METHODS_AV1 is VALID- Audit Group View : RA_CUST_RECEIPT_METHODS_AV2 is VALID- Audit Group View AV% : 2 out of 2 View(s) are present in the database.- Audit Group View : RA_CUST_RECEIPT_METHODS_AC1 is VALID- Audit Group Table RA_CUST_RECEIPT_METHODS is not missing any columns present in shadow table RA_CUST_RECEIPT_METHODS_A - Audit Group Table RA_CUST_RECEIPT_METHODS is not present in any other Audit Groups - Audit Group Table Name : HZ_CUST_SITE_USES_ALL- Audit Group Oracle Username : AR is Audit Enabled- Audit Group Table : HZ_CUST_SITE_USES_ALL is VALID- Audit Group Table Synonym : HZ_CUST_SITE_USES_ALL is VALID- Audit Group Shadow Table : HZ_CUST_SITE_USES_ALL_A is VALID- Audit Group Shadow Table Synonym: HZ_CUST_SITE_USES_ALL_A_A is VALID

-- Audit Group Trigger : HZ_CUST_SITE_USES_ALL_AI is VALID- Audit Group Trigger : HZ_CUST_SITE_USES_ALL_AU is VALID- Audit Group Trigger : HZ_CUST_SITE_USES_ALL_AD is VALID- Audit Group Procedure : HZ_CUST_SITE_USES_ALL_AIP is VALID- Audit Group Procedure : HZ_CUST_SITE_USES_ALL_AUP is VALID- Audit Group Procedure : HZ_CUST_SITE_USES_ALL_ADP is VALID- Audit Group View : HZ_CUST_SITE_USES_ALL_AV1 is VALID- Audit Group View : HZ_CUST_SITE_USES_ALL_AV2 is VALID- Audit Group View : HZ_CUST_SITE_USES_ALL_AV3 is VALID- Audit Group View AV% : 3 out of 3 View(s) are present in the database.- Audit Group View : HZ_CUST_SITE_USES_ALL_AC1 is VALID- Audit Group Table HZ_CUST_SITE_USES_ALL is not missing any columns present in shadow table HZ_CUST_SITE_USES_ALL_A - Audit Group Table HZ_CUST_SITE_USES_ALL is not present in any other Audit Groups - Audit Group Table Name : IBY_EXT_BANK_ACCOUNTS- Audit Group Oracle Username : IBY is Audit Enabled- Audit Group Table : IBY_EXT_BANK_ACCOUNTS is VALID- Audit Group Table Synonym : IBY_EXT_BANK_ACCOUNTS is VALID- Audit Group Shadow Table : IBY_EXT_BANK_ACCOUNTS_A is VALID- Audit Group Shadow Table Synonym: IBY_EXT_BANK_ACCOUNTS_A_A is VALID- Audit Group Trigger : IBY_EXT_BANK_ACCOUNTS_AI is VALID- Audit Group Trigger : IBY_EXT_BANK_ACCOUNTS_AU is VALID- Audit Group Trigger : IBY_EXT_BANK_ACCOUNTS_AD is VALID- Audit Group Procedure : IBY_EXT_BANK_ACCOUNTS_AIP is VALID- Audit Group Procedure : IBY_EXT_BANK_ACCOUNTS_AUP is VALID- Audit Group Procedure : IBY_EXT_BANK_ACCOUNTS_ADP is VALID- Audit Group View : IBY_EXT_BANK_ACCOUNTS_AV1 is VALID- Audit Group View : IBY_EXT_BANK_ACCOUNTS_AV2 is VALID- Audit Group View : IBY_EXT_BANK_ACCOUNTS_AV3 is VALID- Audit Group View AV% : 3 out of 3 View(s) are present in the database.- Audit Group View : IBY_EXT_BANK_ACCOUNTS_AC1 is VALID- Audit Group Table IBY_EXT_BANK_ACCOUNTS is not missing any columns present in shadow table IBY_EXT_BANK_ACCOUNTS_A - Audit Group Table IBY_EXT_BANK_ACCOUNTS is not present in any other Audit Groups +---------------------------------------------------------------------------+End of log messages from FND_FILE+---------------------------------------------------------------------------+

+---------------------------------------------------------------------------+Executing request completion options...

Output file size: 0

+------------- 1) PRINT -------------+Disabling requested Output Post Processing. Nothing to process. The output of the request is zero byte.+--------------------------------------+

Finished executing request completion options.

+---------------------------------------------------------------------------+Concurrent request completed successfullyCurrent system time is 07-JUL-2015 14:54:30

+---------------------------------------------------------------------------+

-

This process creates Shadow Tables with the same data type columns. Shadow Tables have the name<tablename>_A which mirror the audited tables. (in our example the audited table isRA_CUST_RECEIPT_METHODS and the shadow table is RA_CUST_RECEIPT_METHODS_A).It also creates views on the Shadow Tables with the name <tablename>_AC1 and

<tablename>_AV1 which allow access to the data in the Shadow Tables.It creates database triggers on the audited tables picked above with the name <tablename>_AI,

<tablename>_AU and <tablename>_AD which fire respective when the audited columns are Inserted, Updated or Deleted.Lastly it creates procedures that are called by the triggers with the name <tablename>_AIP, <tablename>_AUP

and <tablename>_AID. These save the old data from the audited tables into the Shadow Tables.The triggers are valid, all future activity for this OTA_DELEGATE_BOOKINGS table on the columns described in the form earlier will be recorded now on.

-

Creating Reports

Create an Audit Template

Log in with the responsibility: System AdministratorNavigation Path: Security/AuditTrail Reporting/Audit Industry Template

Create a template name: AR Customer Audit Template (for our example), Enter a description.In the Functional areas select from the LOV the functional groups ( in our example Audit AR Customer Audit).

14

-

Audit Report

Log in with the responsibility: System AdministratorNavigation Path: Security/Audit Trail Reporting/Audit Report

Select the functional group, the audit table name , if you wish to filter by the user who made these transactions in that table you can specify it. If you wish to filter on insert or delete only you can mention it, or select All in the list if you wish to see all kind of activity on this table.

Once all Criteria for the reports are entered, click on Select Columns Button to select the column you wish to print into the report.

15

-

In our example we had few columns so we can select all of them. In case you have more than 5 columns, there are restrictions in this form for technical reasons. You would need to rerun with another set of columns.When the columns are selected, click on Run Report. Then a concurrent program is launched. Navigate to View Requests, and open the output of the concurrent program: Audit Trail Report. The result is the following:

Functional Group : AR Customer Audit Table Name : RA_CUST_RECEIPT_METHODS Transaction Type : All User Name : Date Range : 01-MAY-2015 - 07-JUL-2015

Table Name : RA_CUST_RECEIPT_METHODS Record ID : 10000 Audit Audit Audit User CUST_RECEIPT_RECEIPT_METHOD Timestamp Transaction Name METHOD_ID _ID Type -------------------------------------------------------------------------------------------------------------- 07-JUL-15 15:14 Current 10000 7000 Record ID : 10001 Audit Audit Audit User CUST_RECEIPT_RECEIPT_METHOD Timestamp Transaction Name METHOD_ID _ID Type -------------------------------------------------------------------------------------------------------------- 07-JUL-15 15:14 Current 10001 7000 Record ID : 10002 Audit Audit Audit User CUST_RECEIPT_RECEIPT_METHOD Timestamp Transaction Name METHOD_ID _ID Type -------------------------------------------------------------------------------------------------------------- 07-JUL-15 15:14 Current 10002 7000 Record ID : 10003 Audit Audit Audit User CUST_RECEIPT_RECEIPT_METHOD Timestamp Transaction Name METHOD_ID _ID Type -------------------------------------------------------------------------------------------------------------- 07-JUL-15 15:14 Current 10003 7000 Record ID : 10004 Audit Audit Audit User CUST_RECEIPT_RECEIPT_METHOD Timestamp Transaction Name METHOD_ID _ID Type -------------------------------------------------------------------------------------------------------------- 07-JUL-15 15:14 Current 10004 7000 Record ID : 10005 Audit Audit Audit User CUST_RECEIPT_RECEIPT_METHOD Timestamp Transaction Name METHOD_ID _ID Type -------------------------------------------------------------------------------------------------------------- 07-JUL-15 15:14 Current 10005 7000

21

- Record ID : 10006 Audit Audit Audit User CUST_RECEIPT_RECEIPT_METHOD Timestamp Transaction Name METHOD_ID _ID Type

Disabling Audit TablesThere are 3 ways to disable the audit Trail:

Disable Prepare for ArchiveA copy of current value for all rows in the audited table is made into the shadow table. Then the auditing triggers are disabled. There is no longer any recording of any future changes. The shadow table is then ready for being archived.

Disable Interrupt AuditThe triggers are altered in order to insert only one final row in the shadow table for each row that is modified in the audit table. There is no longer recording of any changes.

Disable Purge TableThe auditing triggers are dropped. The views are deleted and all data from the shadow table are deleted too.

All these options are available from the "Define Audit Groups" form. Login as System Administrator User Responsibility:Navigate AuditTrail/ GroupsQuery on the audit group and select one of the above options listed in the state field to disable auditing.Then run the Audit Trial Update Tables report as seen earlier for the creation of the tables, in order to clean the database.

22

-

Open and Closed Issues - Remarks

Open Issues

Closed Issues

[Type text]

md50 audit tables_v1.0.docx

Documents

audit tables

audit report

audit columns

audit template

audit group validation

audit hierarchy navigator

audit query navigator

tables schema