Enable Audit trails for Oracle apps tables

Posted by Abhijit Ray April 8, 2012


Filed Under audit installations, audit query, audit tables, audittrail group,
audittrail update tables, FND_AUDIT_COLUMNS, fnd_audit_groups,
FND_AUDIT_TABLES, fnd_tables

The audit trail functionality in Oracle apps allows Apps administrators to monitor data changes
made on Oracle tables. Audit trail is not enabled by default because it puts additional load on the
server. Once audit trail is enabled for a particular table, Oracle creates a shadow table with the same
name as the base table with _A appended, containing the columns that have been selected for audit.

For instance, if audit is enabled for the seeded table AP_CHECKS_ALL, Oracle will create
an audit table named AP_CHECKS_ALL_A with the audit columns selected on
AP_CHECKS_ALL. All records inserted, updated and deleted in
AP_CHECKS_ALL will then be recorded in AP_CHECKS_ALL_A.

We shall create audit trails for 2 tables, AP_BANK_BRANCHES and
AP_BANK_ACCOUNTS_ALL, to demonstrate the functionality.

Log in to Oracle Apps and go to the System Administrator responsibility.

Step 1: Enable audit for the instance
Set the value of profile Option, AuditTrail:Activate, on the Site level to Yes.
Navigation: Profile > System

Save and close the form.

Step 2: Get the application name


Get the application name for the 2 tables.

Execute the following query to get the user table names and the application names,

SELECT ft.table_name, ft.user_table_name, fav.application_short_name,
       fav.application_name
  FROM fnd_application_vl fav, fnd_tables ft
 WHERE ft.table_name IN ('AP_BANK_BRANCHES', 'AP_BANK_ACCOUNTS_ALL')
   AND ft.application_id = fav.application_id;

We have checked that both tables belong to Payables application.

Step 3: Enable audit for the application


Enable audit for the application to which the base tables belong.
Navigation: Security > Audit > Install

Check the box named, Audit Enabled, for Payables. Save and close the form.

Step 4: Add table for auditing


The tables have to be added in Oracle for auditing.
Navigation: Security > AuditTrail > Tables
Query for the tables, AP_BANK_BRANCHES and AP_BANK_ACCOUNTS_ALL and select
the columns on which auditing will be done.

AP_BANK_ACCOUNTS_ALL

Step 5: Create AuditTrail group


Create AuditTrail group for the tables
Navigation: Security > AuditTrail > Groups
Create new Audit Trail group
Enter the values as,
Application Name: Payables
Audit Group: AP Audit Group
Group State: Enabled
Description: Audit enabled for AP tables
Audit Tables
Enter the table names in User Table Name and Table Name, i.e. AP_BANK_BRANCHES and
AP_BANK_ACCOUNTS_ALL.
Note that the User Table Name and Table Name entries should match the entries from Step 2.

Save and close the form.

Step 6: Generate the audit tables


We need to execute a seeded program to generate the audit tables that will store the audit data.
Navigation: View > Requests
Execute the concurrent program, AuditTrail Update Tables

On program completion,

Check the log file,


+---------------------------------------------------------------------------+
Application Object Library: Version : 11.5.0

Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved.

FNDATUPD module: AuditTrail Update Tables
+---------------------------------------------------------------------------+

Current system time is 03-APR-2012 13:40:23

+---------------------------------------------------------------------------+

----->Expand Rows
commit
DELETE FROM FND_AUDIT_TABLES WHERE STATE = 'X'
DELETE FROM FND_AUDIT_COLUMNS C WHERE C.STATE = 'P' AND NOT EXISTS (SELECT
NULL FROM FND_AUDIT_TABLES T WHERE T.TABLE_APP_ID = C.TABLE_APP_ID AND
T.TABLE_ID = C.TABLE_ID AND T.STATE !='X')
----->Update Pending Columns
commit
----->Delete Invalid Columns
commit
update fnd_audit_groups g set g.state='E' where g.state = 'R' and not
exists (select NULL from fnd_audit_tables t where t.audit_group_id =
g.audit_group_id and t.audit_group_app_id = g.application_id and t.state !=
'E')
commit
----->Update Triggers
commit
+---------------------------------------------------------------------------+
Start of log messages from FND_FILE
+---------------------------------------------------------------------------+
+---------------------------------------------------------------------------+
End of log messages from FND_FILE
+---------------------------------------------------------------------------+

+---------------------------------------------------------------------------+
Executing request completion options...

Output is not being printed because:
The print option has been disabled for this report.
+------------- 1) PRINT   -------------+

+--------------------------------------+


Now all changes made in Step 2 have been updated in the database.
Audit programs given by Oracle

Program Name: Audit Trail Update Tables
Description: This program activates auditing on the tables selected to be audited in
Oracle. It creates a shadow table for each audited table
and creates triggers on each audited column in the original
table. The shadow table has the same name as the audited table
appended with _A. Two views are created for each column with
the names _AC# and _AV# where # is a sequential number.

Program Name: Audit Trail Update Datetracked Tables
Description: This program activates the date tracked columns only for HRMS
tables. For each date tracked table, this process creates an index
on the shadow table and creates a function named
<tablename>_TT and a procedure named
<tablename>_VP to extract information from the shadow table
when you run the predefined audit report.

Program Name: Audit Report
Description: Scheduling the Audit Report will populate the data into the
HR_AUDIT table for the HRMS date tracked tables. Schedule the
Audit Report individually for each HRMS audit table. Schedule the
Audit Report with the parameters as follows:
Table Name : HRMS Audit Table Name
Initialization : Yes
UserName : (Audit User Name)
Start Date : (Audit From Date)
End Date : (Audit To Date)

HRMS Audit Tables

PER_ALL_PEOPLE_F
PER_ALL_ASSIGNMENTS_F
PAY_ELEMENT_ENTRIES_F
PAY_ELEMENT_ENTRY_VALUES_F
PAY_INPUT_VALUES_F
PER_ABSENCE_ATTENDANCES
PER_PERIODS_OF_SERVICE
PER_PAY_PROPOSALS

Step 7: Check the audit database objects


Check whether all the database objects have been created.

SELECT object_name, object_type
  FROM all_objects
 WHERE object_name LIKE 'AP_BANK_BRANCHES_A%'
    OR object_name LIKE 'AP_BANK_ACCOUNTS_ALL_A%';

Output

OBJECT NAME                   OBJECT TYPE
AP_BANK_ACCOUNTS_ALL_A        TABLE
AP_BANK_ACCOUNTS_ALL_A        SYNONYM
AP_BANK_BRANCHES_A            TABLE
AP_BANK_BRANCHES_A            SYNONYM
AP_BANK_ACCOUNTS_ALL_AIP      PROCEDURE
AP_BANK_ACCOUNTS_ALL_AUP      PROCEDURE
AP_BANK_ACCOUNTS_ALL_ADP      PROCEDURE
AP_BANK_ACCOUNTS_ALL_AH       TRIGGER
AP_BANK_ACCOUNTS_ALL_AI       TRIGGER
AP_BANK_ACCOUNTS_ALL_AT       TRIGGER
AP_BANK_ACCOUNTS_ALL_AU       TRIGGER
AP_BANK_ACCOUNTS_ALL_AC       TRIGGER
AP_BANK_ACCOUNTS_ALL_AD       TRIGGER
AP_BANK_ACCOUNTS_ALL_AV1      VIEW
AP_BANK_ACCOUNTS_ALL_AV2      VIEW
AP_BANK_ACCOUNTS_ALL_AV3      VIEW
AP_BANK_ACCOUNTS_ALL_AV4      VIEW
AP_BANK_ACCOUNTS_ALL_AV5      VIEW
AP_BANK_ACCOUNTS_ALL_AV6      VIEW
AP_BANK_ACCOUNTS_ALL_AV7      VIEW
AP_BANK_ACCOUNTS_ALL_AV8      VIEW
AP_BANK_ACCOUNTS_ALL_AV9      VIEW
AP_BANK_ACCOUNTS_ALL_AV10     VIEW
AP_BANK_ACCOUNTS_ALL_AV11     VIEW
AP_BANK_ACCOUNTS_ALL_AV12     VIEW
AP_BANK_ACCOUNTS_ALL_AV13     VIEW
AP_BANK_ACCOUNTS_ALL_AV14     VIEW
AP_BANK_ACCOUNTS_ALL_AV15     VIEW
AP_BANK_ACCOUNTS_ALL_AV16     VIEW
AP_BANK_ACCOUNTS_ALL_AV17     VIEW
AP_BANK_ACCOUNTS_ALL_AV18     VIEW
AP_BANK_ACCOUNTS_ALL_AV19     VIEW
AP_BANK_ACCOUNTS_ALL_AV20     VIEW
AP_BANK_ACCOUNTS_ALL_AV21     VIEW
AP_BANK_ACCOUNTS_ALL_AV22     VIEW
AP_BANK_ACCOUNTS_ALL_AV23     VIEW
AP_BANK_ACCOUNTS_ALL_AV24     VIEW
AP_BANK_ACCOUNTS_ALL_AV25     VIEW
AP_BANK_ACCOUNTS_ALL_AV26     VIEW
AP_BANK_ACCOUNTS_ALL_AV27     VIEW
AP_BANK_ACCOUNTS_ALL_AV28     VIEW
AP_BANK_ACCOUNTS_ALL_AV29     VIEW
AP_BANK_ACCOUNTS_ALL_AV30     VIEW
AP_BANK_ACCOUNTS_ALL_AC1      VIEW
AP_BANK_BRANCHES_AIP          PROCEDURE
AP_BANK_BRANCHES_AUP          PROCEDURE
AP_BANK_BRANCHES_ADP          PROCEDURE
AP_BANK_BRANCHES_AH           TRIGGER
AP_BANK_BRANCHES_AI           TRIGGER
AP_BANK_BRANCHES_AT           TRIGGER
AP_BANK_BRANCHES_AU           TRIGGER
AP_BANK_BRANCHES_AC           TRIGGER
AP_BANK_BRANCHES_AD           TRIGGER
AP_BANK_BRANCHES_AV1          VIEW
AP_BANK_BRANCHES_AV2          VIEW
AP_BANK_BRANCHES_AV3          VIEW
AP_BANK_BRANCHES_AV4          VIEW
AP_BANK_BRANCHES_AV5          VIEW
AP_BANK_BRANCHES_AV6          VIEW
AP_BANK_BRANCHES_AV7          VIEW
AP_BANK_BRANCHES_AV8          VIEW
AP_BANK_BRANCHES_AV9          VIEW
AP_BANK_BRANCHES_AV10         VIEW
AP_BANK_BRANCHES_AV11         VIEW
AP_BANK_BRANCHES_AV12         VIEW
AP_BANK_BRANCHES_AV13         VIEW
AP_BANK_BRANCHES_AV14         VIEW
AP_BANK_BRANCHES_AV15         VIEW
AP_BANK_BRANCHES_AV16         VIEW
AP_BANK_BRANCHES_AV17         VIEW
AP_BANK_BRANCHES_AV18         VIEW
AP_BANK_BRANCHES_AV19         VIEW
AP_BANK_BRANCHES_AV20         VIEW
AP_BANK_BRANCHES_AV21         VIEW
AP_BANK_BRANCHES_AV22         VIEW
AP_BANK_BRANCHES_AV23         VIEW
AP_BANK_BRANCHES_AV24         VIEW
AP_BANK_BRANCHES_AV25         VIEW
AP_BANK_BRANCHES_AC1          VIEW

Describe one of the tables for which we have just enabled audit, say AP_BANK_BRANCHES. You
will find several triggers on this table that have been added by the AuditTrail Update
Tables program. These triggers ensure that the audit data is populated in the audit tables as
soon as there is a DML operation on the tables on which audit has been turned on.

The program has created these triggers along with the other database objects given in the list above.

Note: All audit metadata is stored in the following tables,

1. FND_AUDIT_SCHEMAS
2. FND_AUDIT_TABLES
3. FND_AUDIT_COLUMNS
4. FND_AUDIT_GROUPS
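
Because the audit rows are written by these triggers, a disabled, invalid or dropped trigger silently stops auditing on the base table. The following check is an added example, not part of the original article; it takes the six trigger suffixes from the Step 7 output and assumes the querying user can see the objects through ALL_TRIGGERS and ALL_OBJECTS.

```sql
-- Added example: report the state of every audit trigger expected on the
-- two audited tables. Suffixes AH, AI, AT, AU, AC, AD are the ones listed
-- in the Step 7 output on this page.
WITH audited AS (
    SELECT 'AP_BANK_BRANCHES' AS table_name FROM dual
    UNION ALL
    SELECT 'AP_BANK_ACCOUNTS_ALL' FROM dual
),
suffixes AS (
    SELECT 'AH' AS suffix FROM dual UNION ALL
    SELECT 'AI' FROM dual UNION ALL
    SELECT 'AT' FROM dual UNION ALL
    SELECT 'AU' FROM dual UNION ALL
    SELECT 'AC' FROM dual UNION ALL
    SELECT 'AD' FROM dual
),
expected AS (
    -- one row per (table, trigger) that should exist after FNDATUPD has run
    SELECT a.table_name,
           a.table_name || '_' || s.suffix AS trigger_name
      FROM audited a
     CROSS JOIN suffixes s
)
SELECT e.table_name,
       e.trigger_name,
       CASE
           WHEN t.trigger_name IS NULL               THEN 'MISSING'
           WHEN t.status <> 'ENABLED'                THEN 'DISABLED'
           WHEN NVL(o.status, 'INVALID') <> 'VALID'  THEN 'INVALID'
           ELSE 'OK'
       END             AS audit_state,
       -- a recent DDL time that does not match an AuditTrail Update Tables
       -- run is worth a closer look
       o.last_ddl_time
  FROM expected e
  LEFT JOIN all_triggers t
         ON t.table_name   = e.table_name
        AND t.trigger_name = e.trigger_name
  LEFT JOIN all_objects o
         ON o.owner       = t.owner
        AND o.object_name = t.trigger_name
        AND o.object_type = 'TRIGGER'
 ORDER BY e.table_name, e.trigger_name;
```

Any row whose AUDIT_STATE is not OK means DML on that table may be going unaudited.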

Testing audit trail


Now audit is enabled for these 2 tables. Let us test the functionality by making changes on the
bank accounts and branches.
Open the Bank Account form.
Responsibility: AP responsibility
Navigation: Setup > Payment > Banks
Query for an existing bank branch

Update the alternate name of the Bank to Test Branch.

Save the form.


Query the database,

select * from AP_BANK_BRANCHES_A where bank_branch_id = 633265 order by
audit_timestamp desc;

Note that all audit tables are named <base table name>_A. That means if the base table name is
AP_BANK_BRANCHES then the audit table corresponding to this table will be named
AP_BANK_BRANCHES_A.

Scroll right to see the data

Note that the bank_branch_id is 633265


We shall now see what the audit report looks like.
Responsibility: System Administrator
Navigation: Security > AuditTrail > Audit Trail Reporting > Audit Query Navigator

Drop down the Functional Groups section

Select AP Audit Group, as the AP_BANK_BRANCHES table is in this group (as set up in Step 3
above).

Now select the AP_BANK_BRANCHES table.

Now all the modified bank branches are shown. We can select the bank branch id, 633265, for
the bank branch by scrolling down.

Select the bank branch id, 633265. A new form opens with the details of the change on this bank
branch.

2 lines are shown for this bank branch. The line with Transaction Type, Current, is for the latest
values of the bank branch. Click on the Vertical View button.

After scrolling down in the Details section, you can see that the previous value of the
BANK_NAME_ALT column in the table contains the current value, Test branch, and the old
value was null.

Now go back to the Bank branch form and query for the same bank branch.
Update the Alternate Name field of the bank to Updated Again.
Now if you check the audit trail form again you will see the latest record.

Click on the 2nd record. This is the record which was created for the previous update on the Bank
Branch.

Note that the field now shows the previous value and compares the value with the current value.
This means that any record entered in the master record is compared with the next audit record.
We can query for the record in the database as well.

SELECT audit_timestamp, audit_sequence_id, audit_transaction_type,
       audit_user_name, bank_name_alt
  FROM ap_bank_branches_a
 WHERE bank_branch_id = 633265;

Note that the current record can be compared with the previous value. For every update on a
record the audit_sequence_id will increment by 1.

Let us make changes using another Bank Branch on the same fields multiple times. Ensure that
the form is changed each time the values are changed. Query the audit table in the database once
again with the same query.

This bank branch id is 688897.

SELECT audit_timestamp, audit_sequence_id, audit_transaction_type,
       audit_user_name, bank_name_alt, bank_branch_name_alt
  FROM ap_bank_branches_a
 WHERE bank_branch_id = 688897
 ORDER BY 1;

Note that the AUDIT_SEQUENCE_ID column is incremented by 1 for each update made on the
same data or record in the base table. This is the audit process for any table that has to be
monitored by the administrators/users.

Audit trails can also be enabled for custom tables, provided the tables are registered in Oracle
Apps. We shall talk about table registration in a follow-up article later on.

Audit trail reporting


Posted by Abhijit Ray October 27, 2012
Filed Under Audit Group, Industry template
This article talks about the process of getting audit reports from Oracle. We have used the same
setup that we have discussed in this article.
Setup Audit Trail Reports
Responsibility: System Administrator
Step 1: Create a new Audit Industry Template
Navigation: Security > AuditTrail > Audit Trail Reporting > Audit Industry Template

Query the form to check whether an Industry template already exists.

We find an already existing template and therefore we shall not create another industry template.
Add the Group as the Functional Group in this template.

Select AP Audit group.

Save and close the form.


Step 2: Set the audit report
Navigation: Security > AuditTrail > Audit Trail Reporting > Audit Report

Enter the details

Click on Select Columns button.

Select the columns for which you want to run the report. We have selected 1 column,
BANK_ACCOUNT_NUM, from the table, AP_BANK_ACCOUNTS_ALL.
Click on Print Options button.

It opens the printing options window and you can enter the printer details if you want to. We do
not want the report to be printed to a printer and so we shall click on Cancel button to come back
to the Select Reporting Columns form.
On the Select Reporting Columns form click on Run Report button.

The report is submitted and the request id is displayed. Now go to View > Requests > Find to
check the concurrent requests.

Click on View Output button.

The output will display all changes made by SA1 user on the BANK_ACCOUNT_NUM
column of this table.
The report in text format,

Page : 1
Functional Group : AP Audit group
Table Name       : AP_BANK_ACCOUNTS_ALL
Transaction Type :
User Name        : SA1
Date Range       :

Table Name : AP_BANK_ACCOUNTS_ALL

Record ID : 22401
Audit            Audit        Audit User  BANK_ACCOUNT_
Timestamp        Transaction  Name        NUM
                 Type
---------------  -----------  ----------  -------------
07-JUN-12 11:22  Update       SA1         088104294001

Record ID : 38381
Audit            Audit        Audit User  BANK_ACCOUNT_
Timestamp        Transaction  Name        NUM
                 Type
---------------  -----------  ----------  -------------
12-JUN-12 12:18  Update       SA1         200001788164
12-JUN-12 12:17  Update       SA1         200001788164
12-JUN-12 12:01  Update       SA1         200001788164
12-JUN-12 12:01  Update       SA1         200001788164
12-JUN-12 12:00  Update       SA1         200001788163

Record ID : 38546
Audit            Audit        Audit User  BANK_ACCOUNT_
Timestamp        Transaction  Name        NUM
                 Type
---------------  -----------  ----------  -------------
12-JUN-12 18:32  Update       SA1         00001230001
12-JUN-12 18:32  Update       SA1         00001230001
12-JUN-12 18:32  Insert       SA1         00001230001

Check changes on all the columns on this table, AP_BANK_ACCOUNTS_ALL.
Navigation: View > Requests > Single Request
Run the program named, Audit Report.
Enter the parameters as,
Table Name: AP_BANK_ACCOUNTS_ALL
Initialization: Yes

Click on OK and submit the request.

Once the request completes, click on View Output button. The report looks like the following,

In text the report is like this,

Audit Report
Report Date: 11-09-2012 14:43

Report Parameters
Table Name: AP_BANK_ACCOUNTS_ALL
Table Type: Non-datetracked
User: SA1
Start Date: 01-JAN-01
End Date: 31-DEC-12

Audit Report
Table Name: AP_BANK_ACCOUNTS_ALL
Report Date: 11-09-2012 14:43
Primary Key: BANK_ACCOUNT_ID
Page: 1

---------------------------------------------------------------------------
Audit Timestamp: 07-06-2012 11:22
Audit Session Id: 60917890
Primary Key Value: 22401
Transaction Type: Normal Update
User Name: SA1

Column Name         Old Value       New Value
-----------         ---------       ---------
Last Update Date    16-02-2011      07-06-2012
Last Updated By     1176            12691
Last Update Login   13824409        20301599
---------------------------------------------------------------------------
Audit Timestamp: 12-06-2012 12:00
Audit Session Id: 61030554
Primary Key Value: 38381
Transaction Type: Normal Update
User Name: SA1

Column Name         Old Value       New Value
-----------         ---------       ---------
Last Update Date    14-02-2012      12-06-2012
Inactive Date       14-02-2012
Last Updated By     1962            12691
Last Update Login   19099472        20365176
---------------------------------------------------------------------------
Audit Timestamp: 12-06-2012 12:01
Audit Session Id: 61030573
Primary Key Value: 38381
Transaction Type: Normal Update
User Name: SA1

Column Name         Old Value       New Value
-----------         ---------       ---------
Bank Account Num    200001788163    200001788164
Last Update Date    12-06-2012      12-06-2012
---------------------------------------------------------------------------
Audit Timestamp: 12-06-2012 12:01
Audit Session Id: 61030573
Primary Key Value: 38381
Transaction Type: Normal Update
User Name: SA1

Column Name         Old Value       New Value
-----------         ---------       ---------
Last Update Date    12-06-2012
Inactive Date       12-06-2012      12-06-2012
---------------------------------------------------------------------------
Audit Timestamp: 12-06-2012 12:17
Audit Session Id: 61030873
Primary Key Value: 38381
Transaction Type: Normal Update
User Name: SA1

Column Name         Old Value       New Value
-----------         ---------       ---------
Last Update Date    12-06-2012
Inactive Date       12-06-2012      12-06-2012

Audit Report
Table Name: AP_BANK_ACCOUNTS_ALL
Report Date: 11-09-2012 14:43
Primary Key: BANK_ACCOUNT_ID
Page: 2

---------------------------------------------------------------------------
Audit Timestamp: 12-06-2012 12:18
Audit Session Id: 61008913
Primary Key Value: 38381
Transaction Type: Normal Update
User Name: SA1

Column Name         Old Value       New Value
-----------         ---------       ---------
Last Update Date    12-06-2012
Inactive Date       12-06-2012      12-06-2012
---------------------------------------------------------------------------
Audit Timestamp: 12-06-2012 18:32
Audit Session Id: 61037197
Primary Key Value: 38546
Transaction Type: Normal Insert
User Name: SA1

Column Name            New Value
-----------            ---------
Created By             12691
Bank Account Name      Test
Bank Account Num       00001230001
Currency Code          INR
Multi Currency Flag
Last Update Date       12-06-2012
Creation Date          12-06-2012
Last Updated By        12691
Last Update Login      20366178
Bank Branch Id         762018
Set Of Books Id        1004
Zero Amounts Allowed
Account Type           INTERNAL
Org Id                 360
---------------------------------------------------------------------------
Audit Timestamp: 12-06-2012 18:32
Audit Session Id: 61037197
Primary Key Value: 38546
Transaction Type: Normal Update
User Name: SA1

Column Name         Old Value       New Value
-----------         ---------       ---------
Last Update Date    12-06-2012
Inactive Date       12-06-2012      12-06-2012
---------------------------------------------------------------------------
Audit Timestamp: 12-06-2012 18:32
Audit Session Id: 61035117
Primary Key Value: 38546
Transaction Type: Normal Update
User Name: SA1

Column Name         Old Value       New Value
-----------         ---------       ---------
Last Update Date    12-06-2012
Inactive Date       12-06-2012      12-06-2012

Audit Report
Table Name: AP_BANK_ACCOUNTS_ALL
Report Date: 11-09-2012 14:43
Primary Key: BANK_ACCOUNT_ID
Page: 3

***** End Of Report *****

This report also gives us the audit data in a different format. Using these seeded audit reports, all
changes can be tracked and monitored by administrators. For specific requirements, alerts that
notify administrators of certain changes, or custom reports
(on the AP_BANK_ACCOUNTS_ALL_A table), can be built to analyze the data.
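
A custom report of the kind described above, as an added example that is not part of the original article: it lists audit rows for bank accounts that were changed repeatedly on one day (as Record ID 38381 was on 12-JUN-12), by more than one user, or outside working hours. The thresholds, the DATE type of AUDIT_TIMESTAMP and the presence of BANK_ACCOUNT_ID in the shadow table are assumptions.

```sql
-- Added example: review query over the shadow table AP_BANK_ACCOUNTS_ALL_A.
-- Assumptions: BANK_ACCOUNT_ID (the primary key shown in the Audit Report)
-- is stored in the shadow table, AUDIT_TIMESTAMP is a DATE, and the
-- thresholds (3 changes per day, 08:00-17:59 working hours, 30-day window)
-- are illustrative values to tune per site.
SELECT bank_account_id,
       audit_timestamp,
       audit_sequence_id,
       audit_transaction_type,
       audit_user_name,
       changes_that_day,
       users_that_day,
       minutes_since_previous
  FROM (SELECT a.bank_account_id,
               a.audit_timestamp,
               a.audit_sequence_id,
               a.audit_transaction_type,
               a.audit_user_name,
               -- audit rows collected by this account on the same day
               COUNT(*)
                   OVER (PARTITION BY a.bank_account_id,
                                      TRUNC(a.audit_timestamp))
                   AS changes_that_day,
               -- different users who changed this account on the same day
               COUNT(DISTINCT a.audit_user_name)
                   OVER (PARTITION BY a.bank_account_id,
                                      TRUNC(a.audit_timestamp))
                   AS users_that_day,
               -- gap in minutes to the previous audited change on the account
               ROUND((a.audit_timestamp
                      - LAG(a.audit_timestamp)
                            OVER (PARTITION BY a.bank_account_id
                                      ORDER BY a.audit_timestamp,
                                               a.audit_sequence_id))
                     * 24 * 60)
                   AS minutes_since_previous
          FROM ap_bank_accounts_all_a a
         WHERE a.audit_timestamp >= TRUNC(SYSDATE) - 30)
 WHERE changes_that_day >= 3
    OR users_that_day > 1
    OR TO_CHAR(audit_timestamp, 'HH24') NOT BETWEEN '08' AND '17'
 ORDER BY bank_account_id, audit_timestamp, audit_sequence_id;
```

The same SELECT can back an alert or a scheduled custom report; rows it returns are candidates for review, not proof of misuse.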
