Skip to main content

How To Audit and Monitor An Oracle Applications User in R12

How To Audit  and Monitor An Oracle Applications User in R12






Sign-On:Audit Level allows you to select a level at which to audit users who sign on to Oracle Applications and monitor.

Overview:
Users Activity in Oracle E-Business Suite can be monitored online (using a given form) or via reports available in the system administration responsibility.

The online monitoring of user activity within Oracle Applications is achieved via the Monitor Users form (Form Name: FNDSCMON.fmx). In order to use this form and also to use the reports the profile option Sign-On: Audit Level must be set to an appropriate value. The available options are: - 

NONE: No monitoring performed on users’ activity.
USER: Only show a list of logged-in users.
RESPONSIBILITY: Will show the users logged in and the responsibility they are using.
FORM: show the most detailed level, it will show the User, Responsibility, and Form being accessed.

The general overview of the process of monitoring user activity in Oracle Applications R12 is:
1. Enabling users tracking by setting the profile option “Sign-On: Audit level” to take the value for example “Form”.
2. Viewing Users online using the “Monitor Users” form.
3. Viewing Monitoring Reports about users and their activity.
4. If not used disable tracking users by changing the “Sign-On: Audit level” to take the value for example “None”.

Based on the level chosen, the information captured gets stored in the following tables:

    FND_LOGINS
    FND_LOGIN_RESPONSIBILITIES
    FND_LOGIN_RESP_FORMS

1. Least detailed level: User.
When the profile is set to User, the only table that gets updated is the table FND_LOGINS and only one record per user session.

2. Next level: Responsibility.
When the profile is set to Responsibility both FND_LOGINS and FND_LOGIN_RESPONSIBILITIES will be updated.
FND_LOGINS gets only one record per user session.
FND_LOGIN_RESPONSIBILITIES will be updated with one record for each
responsibility selected during the session.

3. Most detailed level: Form.
When the profile is set to Form all three tables are involved.
FND_LOGINS gets only one record per user session.
FND_LOGIN_RESPONSIBILITIES will be updated with one record for each
responsibility selected during the session.

FND_LOGIN_RESP_FORMS will be updated with one record for each form selected during the session.

Enable User Tracking – Setting the Sign-On: Audit Level profile option:
To enable user tracking by changing the value of “Sign-On: Audit Level” profile option use the following steps (we will use the value Form):
1. Log in to Oracle APPS with system administrator responsibility
2. Navigate to Profile > System
3. Make sure the Site option is checked.
4. Navigate to Profile and search for sign > Click Find
5. Select the “Sign-On: Audit Level” > Click Find
6. Change its value to be Form
7. From the Menu bar click File > Save
 
Viewing Users Online Using the “Monitor Users” form

To monitor users online we use the “Monitor Users” screen or form. To display current users and their information using Monitor Users form:
1. Log in with System Administrator Responsibility
2. Navigate to Security: Users > Monitor
3. Click (CTL + F11) keys to display the result.

 
 
This is a very useful screen since it tells you exactly which users are logged in and what are they doing in the system at any point in time. One may check this screen before bouncing or restarting the system to make sure all users are logged out.

It is a good practice to set the Sign-On: Audit Level profile option to “Form” since it gives the most detailed information above other choices but it will impact the system performance since it collects a lot of information, so you have to keep that in mind.
 
Viewing Monitoring Reports about Users and their activity:

Depending on what audit level you have selected for the profile option under discussion you may also generate various reports as indicated below: –

Sign-On Audit Concurrent Requests: View information about who is requesting what concurrent requests and from which responsibilities and forms.
Sign-On Audit Forms:View who is navigating to what form and when they do it.
Sign-On Audit Responsibilities: Used to view who is selecting what responsibility and when they are doing it.
Sign-On Audit Users:Used to view who signs on and for how long.
Sign-On Audit Unsuccessful: Show audit information about unsuccessful logins to Oracle Applications.

To view any of the given reports monitoring user activity use the following steps:

1. Navigate to System Administrator Responsibility > Concurrent > Requests Or from the Menu Bar go to View > Requests
2. Choose to Submit New Request > Single Request
3. Select the report you want from the 4 requests given above.
4. Click Submit > Find
5. Select the report you choose and click the View output button to view the report.
     

Notifying Users of Unsuccessful Logins to their accounts:
 
Sign-On Audit can track user logins and provide users with a warning message if anyone has made an unsuccessful attempt to sign on with their application username since their last sign-on. This warning message appears after a user signs on. You do not have to audit the user with Sign-On Audit to use this notification feature.

To inform users about unsuccessful logins to their account, you can set the “Sign-On: Notification” profile option to Yes. To do that from System Administrator Responsibility > Profile > System > Find the profile option “Sign-On: Notification” and change its value to Yes.

References:
What Tables Are Involved In Using The System Profile 'Sign-On:Audit Level'? [ID 368260.1]


If you like please follow and comment
Labels:

Comments

Post a Comment

Popular posts from this blog

WebLogic migration to OCI using WDT tool

WebLogic migration to OCI using WDT tool Oracle WebLogic Deploy Tool (WDT) is an open-source project designed to simplify and streamline the management of Oracle WebLogic Server domains. With WDT, you can export configuration and application files from one WebLogic Server domain and import them into another, making it a highly effective tool for tasks like migrating on-premises WebLogic configurations to Oracle Cloud. This blog outlines a detailed step-by-step process for using WDT to migrate WebLogic resources and configurations. Supported WLS versions Why Use WDT for Migration? When moving Oracle WebLogic resources from an on-premises environment to Oracle Cloud (or another WebLogic Server), WDT provides an efficient and reliable approach to: Discover and export domain configurations and application binaries. Create reusable models and archives for deployment in a target domain. Key Pre-Requisites Source System: An Oracle WebLogic Server with pre-configured resources such as: Applica...
Post a Comment
Read more

How to Validate TDE Wallet Password in Oracle Database

How to Validate TDE Wallet Password in Oracle Database Validating the Transparent Data Encryption (TDE) wallet password is crucial, especially when ensuring that the password is correct without using the OPEN or CLOSE commands in the database. This blog post explains a straightforward method to validate the TDE password using the mkstore utility. Steps to Validate TDE Wallet Password Follow these steps to validate the TDE wallet password: Step 1: Copy the Keystore/Wallet File Navigate to your existing TDE wallet directory. Copy only the ewallet.p12 file to a new directory. If a cwallet.sso file exists, do not copy it . The absence of cwallet.sso ensures that the wallet does not use auto-login, forcing the utility to prompt for the password. Step 2: Validate Using mkstore Use the mkstore utility to check the contents of the wallet file. The mkstore utility will prompt you for the TDE wallet password, allowing you to validate its correctness. Command Syntax To display the conten...
Post a Comment
Read more

EBS 12.2 ADOP Interview Questions With Scenarios

EBS 12.2 ADOP Interview Questions With Scenarios Note: Check the patch cycle log is important to fix any issues.  Location: $ADOP_LOG_HOME Useful Adop Commands Click here 1.What is ADOP concept in oracle apps Online patching is the most important new feature in Oracle E-Business Suite Release 12.2. It is the ability to patch a running system without having to take the system down for a significant period of time while the patches are applied. 'adop' is the utility we use to apply patches in R12.2 2.What is PATCH_TOP directory in R12.2 In R12.2 there is a new directory location environment variable called $PATCH_TOP which points to $NE_BASE/EBSapps/patch $NE_BASE points to <Non-Editioned-filesystem-directory> Download the patch into the patch top directory and unzip it. This is the default location where the adop will look for patch files. If you are planning to put patches in non-defualt location then you need to use adop parameter 'patchtop=<patch_path>' to...
Post a Comment
Read more