• Post category:Security
  • Post comments:0 Comments
  • Post last modified:April 20, 2021
  • Reading time:8 mins read
You are currently viewing Importance of User and Role Access Audit Report
Importance of User and Role Access Audit Report

In this article we will try to understand the importance of “User and Role Access Audit Report” and look at how to run it.

The User and Role Access Audit Report provides details of the function and data security privileges granted to specified users or roles. This information is equivalent to the information that we can see for a user or role on the Security Console. This report is based on data in the Applications Security tables, which gets populated by running the Import User and Role Application Security Data process.

Table of Contents

Steps to Run the User and Role Access Audit Report:

Navigate to Tools > Scheduled Processes

In the Scheduled Processes work area, click Schedule New Process.

image 51 1024x253 - Importance of User and Role Access Audit Report

Search for and select the User and Role Access Audit Report process.

image 52 - Importance of User and Role Access Audit Report

User and Role Access Audit Report Parameters

Report Type – Set this parameter to one of these values to run the report for one user, one role, multiple users, or all roles.

  • All roles
  • Multiple users
  • Role name
  • User name

User Name – Search for and select the user name of a single user. This field is enabled only when Population Type is User name.

Role Name – Search for and select the name of a single aggregate privilege or data, job, abstract, or duty role. This field is enabled only when Population Type is Role name.

From User Name Starting With – Enter one or more characters from the start of the first user name in a range of user names. This field is enabled only when Population Type is Multiple users. It enables you to report on a subset of all users.

To User Name Starting With – Enter one or more characters from the start of the last user name in a range of user names. This field is enabled only when Population Type is Multiple users. It enables you to report on a subset of all users.

User Role Name Starts With – Enter one or more characters from the start of a role name. This field is enabled only when Population Type is Multiple users. It enables you to report on a subset of all users and roles.

Data Security Policies – Select Data Security Policies to view the data security report for any population. If you leave the option deselected, then only the function security report is generated.

Note: If you don’t need the data security report, then leave the option deselected to reduce the report processing time.

Debug – Select Debug to include the role GUID in the report. The role GUID is used to troubleshoot. Select this option only when requested to do so by Oracle Support.

image 54 - Importance of User and Role Access Audit Report

In the Process Details dialog box, set parameters and click Submit.

We will run this report for “Robert.Jackman” user and verify the results.

Wait for the process to complete.

Viewing the Report Results

The report produces either one or two .zip files, depending on the parameters we select. When we select Data Security Policies, two .zip files are generated, one for data security policies and one for functional security policies in a hierarchical format.

The file names are in the following format: [FILE_PREFIX]_[PROCESS_ID]_[DATE]_[TIME]_[FILE_SUFFIX].

The file prefix depends on the specified Report Type value.

This table shows the file prefix values for each report type.

Report TypeFile Prefix
User nameUSER_NAME
Role nameROLE_NAME
Multiple usersMULTIPLE_USERS
All rolesALL_ROLES

This table shows the file suffix, file format, and file contents for each report type.

Report TypeFile SuffixFile FormatFile Contents
AnyDataSecCSVData security policies. The .zip file contains one file for all users or roles. The data security policies file is generated only when Data Security Policies is selected.
Note: Extract the data security policies only when necessary, as generating this report is time-consuming.
AnyHierarchicalCSVFunctional security policies in a hierarchical format. The .zip file contains one file for each user or role.
Multiple users
All roles
CSVCSVFunctional security policies in a comma-separated, tabular format.

The process also produces a .zip file containing a diagnostic log.

For example, if you report on a job role at 13.30 on 17 December 2015 with process ID 201547 and the Data Security Policies option selected, then the report files are:

  • ROLE_NAME_201547_12-17-2015_13-30-00_DataSec.zip
  • ROLE_NAME_201547_12-17-2015_13-30-00_Hierarchical.zip
  • Diagnostic.zip

The process has generated three files as mentioned earlier.

image 55 1024x403 - Importance of User and Role Access Audit Report

Function Security Policies:

image 60 1024x361 - Importance of User and Role Access Audit Report

Data Security Policies:

image 59 1024x351 - Importance of User and Role Access Audit Report
If you like the content, please follow us on LinkedInFacebook, and Twitter to get updated with the latest content.