In this article we will try to understand the importance of “User and Role Access Audit Report” and look at how to run it.
The User and Role Access Audit Report provides details of the function and data security privileges granted to specified users or roles. This information is equivalent to the information that we can see for a user or role on the Security Console. This report is based on data in the Applications Security tables, which gets populated by running the Import User and Role Application Security Data process.
Table of Contents
Steps to Run the User and Role Access Audit Report:
Navigate to Tools > Scheduled Processes
In the Scheduled Processes work area, click Schedule New Process.
Search for and select the User and Role Access Audit Report process.
User and Role Access Audit Report Parameters
Report Type – Set this parameter to one of these values to run the report for one user, one role, multiple users, or all roles.
- All roles
- Multiple users
- Role name
- User name
User Name – Search for and select the user name of a single user. This field is enabled only when Population Type is User name.
Role Name – Search for and select the name of a single aggregate privilege or data, job, abstract, or duty role. This field is enabled only when Population Type is Role name.
From User Name Starting With – Enter one or more characters from the start of the first user name in a range of user names. This field is enabled only when Population Type is Multiple users. It enables you to report on a subset of all users.
To User Name Starting With – Enter one or more characters from the start of the last user name in a range of user names. This field is enabled only when Population Type is Multiple users. It enables you to report on a subset of all users.
User Role Name Starts With – Enter one or more characters from the start of a role name. This field is enabled only when Population Type is Multiple users. It enables you to report on a subset of all users and roles.
Data Security Policies – Select Data Security Policies to view the data security report for any population. If you leave the option deselected, then only the function security report is generated.
Note: If you don’t need the data security report, then leave the option deselected to reduce the report processing time.
Debug – Select Debug to include the role GUID in the report. The role GUID is used to troubleshoot. Select this option only when requested to do so by Oracle Support.
In the Process Details dialog box, set parameters and click Submit.
We will run this report for “Robert.Jackman” user and verify the results.
Wait for the process to complete.
Viewing the Report Results
The report produces either one or two .zip files, depending on the parameters we select. When we select Data Security Policies, two .zip files are generated, one for data security policies and one for functional security policies in a hierarchical format.
The file names are in the following format: [FILE_PREFIX]_[PROCESS_ID]_[DATE]_[TIME]_[FILE_SUFFIX].
The file prefix depends on the specified Report Type value.
This table shows the file prefix values for each report type.
Report Type | File Prefix |
---|---|
User name | USER_NAME |
Role name | ROLE_NAME |
Multiple users | MULTIPLE_USERS |
All roles | ALL_ROLES |
This table shows the file suffix, file format, and file contents for each report type.
Report Type | File Suffix | File Format | File Contents |
---|---|---|---|
Any | DataSec | CSV | Data security policies. The .zip file contains one file for all users or roles. The data security policies file is generated only when Data Security Policies is selected. Note: Extract the data security policies only when necessary, as generating this report is time-consuming. |
Any | Hierarchical | CSV | Functional security policies in a hierarchical format. The .zip file contains one file for each user or role. |
Multiple users All roles | CSV | CSV | Functional security policies in a comma-separated, tabular format. |
The process also produces a .zip file containing a diagnostic log.
For example, if you report on a job role at 13.30 on 17 December 2015 with process ID 201547 and the Data Security Policies option selected, then the report files are:
- ROLE_NAME_201547_12-17-2015_13-30-00_DataSec.zip
- ROLE_NAME_201547_12-17-2015_13-30-00_Hierarchical.zip
- Diagnostic.zip
The process has generated three files as mentioned earlier.
Function Security Policies:
Data Security Policies:
If you like the content, please follow us on LinkedIn, Facebook, and Twitter to get updated with the latest content.