In this article, we will look into how to access the Sensitive Data Access Audit by users. We can track the user name, IP Address, viewed page, date, and time and create a report out of it for audit purposes.
Table of Contents
What is Sensitive Data Access Audit
We can audit the viewing of sensitive data in the HCM Responsive pages. We can use this information for compliance and monitoring of access to sensitive data from your browser.
Read access to the following sensitive attributes can be audited:
- National Identifier Number
- Passport Number
- Driver License Number
- Personal Home Address
- Personal Email Address
- Personal Telephone Number
- Account Number
- Citizenship Number
- Visa Number, Work Permit and Residency Number
Roles required to access this functionality:
The Sensitive Data Access Audit page is secured using a function security privilege with a privilege code of PER_VIEW_SENSITIVE_DATA_ACCESS_AUDIT_PRIV. It’s granted to the predefined IT Auditor role. If you want to allow any custom job or abstract roles to access this page, you should grant this function security privilege to the custom roles.
| Function Security Privilege | Predefined Role |
|---|---|
| PER_VIEW_SENSITIVE_DATA_ACCESS_AUDIT_PRIV | IT Auditor |
Enable Sensitive Data Access Audit
To enable auditing of sensitive data access, you need to set the Mobile-Responsive Sensitive Data View Audit Enabled (ORA_HCM_SENSITIVE_DATA_VIEW_AUDIT_ENABLED) profile option to Y.
- Go to the Setup and Maintenance work area.
- Search for and click the Manage Administrator Profile Values task.
- Search for the ORA_HCM_SENSITIVE_DATA_VIEW_AUDIT_ENABLED profile option code and select it from the search results.
- Below, set the Profile Level to site and the Profile Value to Y.
- Click Save and Close.
Once this profile option is set and the “IT Auditor” role is assigned to an user, we can use the subject areas to extract the information of the employees/users information who viewed the sensitive data.
We can extract the IP address of the user, device (Mobile/Laptop), Audit Date, Audit Time, Browser, Operating System used, Username, Page Title which was viewed, etc.
Subject Area to get this information:
We can get this information from “Workforce Management – Sensitive Data Access Audit Real Time” subject area.
Enables us to track and report the details about the sensitive data that is accessed from Oracle HCM Cloud page. For example, Jane signed in and viewed Rondi’s national identifier and signed out.
Key information that you can report on
• Viewed Person Details – The details of the person whose data has been accessed
• Viewer Person Details – The details of the person who has accessed sensitive data
• Viewed Page Name
• Viewed Sensitive Data
• Viewed Date and time
• Viewer IP address, Browser, Operating system, etc.
Sample Dashboard has been posted by Oracle team on Cloud Customer Connect forum
Detailed Live Demo has been provided by Oracle Product Managers on this feature as part of OTBI Office Hours
Backend Table to get this information:
We can also query the backend table to get this information if you want to build a custom report with multiple filters or add it to other module queries.
PER_SENSITIVE_DATA_AUDIT is the table which stores the sensitive data audit information.
Sample queries:
Query to get records by logged in user name
select * from per_sensitive_data_audit where viewer_user_name = '<YOUR_USER_NAME>' order by creation_date descQuery to get records by logged in user name & IP address of machine
select * from per_sensitive_data_audit where viewer_user_name = '<YOUR_USER_NAME>' and ip_address='<YOUR_MACHINE_IP_ADDRESS>' order by creation_date descHope this helps. Please share it with your network if you find it useful.
If you like the content, please follow us on LinkedIn, Facebook, and Twitter to get updated with the latest content.
