Monday Mar 24, 2014

Fusion Applications & Audit Vault

In a recent Customer Connect webcast on "Auditing Capabilities in Oracle Applications Cloud" (presentation; replay), questions were raised on how the existing audit functions offered using the Applications Audit Framework (also known as the APPLCORE Audit Framework) can be leveraged to audit the read access or selects made on specific objects and/or entities. While the Applications Audit Framework captures the insert, update or delete operations (also known as DML operations) on Fusion Business Objects, the select and read accesses on these objects can be captured using Oracle Audit Vault.

Oracle Audit Vault

Oracle Audit Vault is a separately licensed security product — certified for Fusion Applications — that gathers auditing information from remote databases and stores it in a single centralized warehouse database. It can help customers to comply with Sarbanes-Oxley (SOX) and other regulations, perform proactive monitoring and mitigate security risks.

Oracle Audit Vault can be of immense value for organizations when their IT policies demand tighter access control to the applications, especially in situations:

  • When every database change must be captured
  • When business objects, not addressed currently by Applications Audit Framework, need to be audited
  • When read access and SELECT statements need to be audited

For more information on Oracle Audit Vault and its capabilities, please review the Oracle Audit Vault Datasheet (click here).

Tuesday Dec 10, 2013

Auditing in Fusion Applications

Release 7 of Fusion Applications provides the much needed functionality of auditing, leveraging the Fusion Middleware auditing capabilities. The functionality provided in this release covers the auditing of various applications business objects and the Fusion middleware components, including the below:

  • Fusion Applications Business Objects
  • Oracle SOA Suite –SOA Metadata Customizations
  • Pages and Business Objects Extensibility
  • BI Publisher – Report request, report execution, etc.
  • ODI, ESS, MDS, OPSS

In Release 7, the audit framework provided covers both capturing and reporting the audit events. Business objects or events to be audited can be configured using Manage Audit Policies in Fusion Applications while the reporting on these captured audit events is facilitated using Audit History UI. Users with appropriate roles will be able to configure (Manage Audit Policies with Application Administrator Job Role) and view these reports (Audit History UI with Internal Auditor Job Role).

The following Oracle University sessions provide a detailed overview of the auditing functionality available in Fusion Applications.

  1. Fusion 11g Release 7 (11.1.7.0.0) TOI: Technical Overview of Audit Trail – A technical overview of configuring audit capture and audit reporting
  2. Auditing in Fusion Applications – Provides an overview of auditing the various business objects in Fusion Applications
  3. Security Audit and Reporting in Fusion Applications Release 7 – An overview of the OPSS audit in Fusion Applications
About

This blog shares with the broader Fusion Applications community instructional material in the areas of Enterprise Structures, Extensibility, Integration and Security with the a focus on implementation. This blog is updated by the Fusion Applications Implementation Solutions Task force, part of the Fusion Applications Fusion Architecture organization.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today