Auditing in OIM

Similar Messages

• Is Audit related api's are missing in OIM 11g new API's.

  Hi All,
  I want to use OIM 11g Apis to use perform tasks related to audit. But I didn't found any api in oim11g new APIs.
  Can any one suggest me what shall i do?
  Thanks,
  Iceman513

  Hello,
  Did you get any answer?
  I am also trying to generate Audit using OIM API/Direct procedure calls..
  Any help will be appreciated.
  Thanks

• Imp: Generating reports in OIM 9.1.0.2

  Hi All,
  How can we generate reports in OIM 9.1.0.2 ?
  We need to generate reports for users between two dates to keep a track of what all resources were provisioned or deprovisioned and what all changes were made to user accounts etc.
  As per my understanding, this in a single term can be said as "Auditing".
  So my question is: How can we enable Auditing in OIM 9.1.0.2. ?
  I couldn't find much on net, so I'm posting it here.
  Regards
  Nikhil

  Martin and Rajiv,
  Thanks for your help.
  I'm actually a newbie and I don't have much knowledge of OIM.
  I came to know that I can generate the above mentioned reports by writing and adapter and attaching it to a schedule task. I am aware of how to write the adapter and how the adapter is attached to the schedule task, but I'm not actually aware of what should I code in the adapter in order to fetch the required information. i.e. what should I code, that helps me to generate a report wherein I can find the provisioned resources to a particular user between a period of time.
  I am just not clear with what the approach should be in order to proceed further on this.
  Any help here would really be appreciated.
  I'm sorry for asking such kind of a question, but I'm very new to this and couldn't find a way better than this.
  Regards
  Nikhil

• OIM 11g - How to get modified data on a reconciliation event

  Hi,
  We're running OIM 11.1.1.5.2 with Ad (9.1.1) , exchange ( 9.1.1.7), dbum (9.1.0.4) and dbat (9.1.0.5) connectors.
  When we run reconciliation we can get the recon data on the event management tab of the advanced administration console, but, update succeded events show all fields mapped on the reconciliation with the new values only. For example, for AD, if an account on the target resource has its "TelephoneNumber" field updated, we can see the event, but, we cannot identify what was changed on that event was the telephone number, as the event shows all fields on the Ad account...
  Our requirement is to inform th customer as soon as the reconciliation has ocurred for each particular updated account, in a manner that is fast and easy to understand.
  We have the audit on OIM on Resource Form (XL.UserProfileAuditDataCollection) and we can see the upa tables being populated.
  Now, the question is, what is the recommended or most used way to process the information on upa tables? Is there any ootb report that maybe we're missing that shows this info? Are there api's documented to work with audit data (i just couldn't find them)?
  Having in consideration our requirement, I'm thinking on creating a new task for each process form to be triggered by "Reconciliation Update Succeeded" that executes a pl/sql to find events on upa tables related to the user and resource, then parse the generated xml and send an email with old and new values, but I want to be sure there's no ootb or simpler way to do it.
  Thanks.

  Thanks Kevin,
  I think that we found an easier way though. By setting the system property XL.EnableExceptionReports to TRUE, the tables UPA_FORMS y UPA_FORMFIELDS get populated automatically.
  This tables contain information of the fields that were modified an the reason (i.e. 'Reconciliation', 'API').
  I have created a database job that executes a stored procedure that searches for new records on upa_ud_formfields and gets the resource name, resource key, field name, old and new values and then sends an email with all modified data to the corresponding administrators for each resource. I use an auxiliary table on a different schema to keep track of records already read on previous runnings of the job.
  It takes sometime to get the info because we depend first on the running of the recon scheduled job, then the "issue audit message task" job, and finally our own job, but it works.

• API's OIM: How to access a Audit Information

  Hi Everybody!
  I work with API's OIM, i can access the audit information, for example: Users.Created By, but i dont understand how access to it! I need Help!

  There are couple of APIs are available, please have a look:
  http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_903/doc_cd/javadocs/operations/Thor/API/Operations/tcAuditOperationsIntf.html

• Purge OAM/OIM 11.1.1.3 Audit Schema Data

  All,
  Does anyone know how to archive/purge audit data in OAM (IAU_BASE etc tables) and OIM (UPA etc tables).
  thanks in advance,

  any suggestion for iau_xxx tables.. I can develop similar custom scripts for iau_base, oam, oidcomponent and ovdcomponent tables, does this work?
  Prasad.

• Audit reports in OIM 9102

  We installed OIm as "Oracle Identity Manager with Audit & Compliance module",
  But I dont see any information in historical reports.
  All reports say "no records found"
  Do we have to enable Auditing somewhere?

  I have a similar issue. In log, it says:
  ERROR [XELLERATE.AUDITOR] Error while processing audit message
  java.lang.NullPointerException
  It didn't process any records till now. The AUD_JMS table has thousands of records.
  My version: 9.1.0.1865.28
  Any suggestions?

• How to clean Audit records from OIM

  Hi All,
  I need to clean Audit records in OIM that are older than 15 months and I found out the following tables contains information about audits
  1.UPA
  2.UPA_FIELDS
  3.UPA_GRP_MEMBERSHIP
  4.UPA_RESOURCE
  5.UPA_UD_FORMFIELDS
  6.UPA_UD_FORMS
  7.UPA_USR
  How to develop script to delete the records older than 15 months?
  Except UPA table, all other tables contain the column name "CREATE_DATE" & "UPDATE_DATE". what is the difference? and which one is required to implement above scenario?
  Please guide me on the same...
  Thanks in advance

  Whenever you enable auditing the information about User Account Changes is captured in form of Snapshots and stored in the UPA table which would eventually flow to the remaining tales after being separated by normalizing this data using a post-processor internal to OIM auditing engine.
  - So for remaining tables this is used moreover for reporting purposes in OIM. If you clear the data then the you know what you are doing ?
  - Now for the primary table UPA you need to look for fields EFF_FROM_DATE & EFF_TO_DATE

• OIM 11g R2 Auditing

  I have auditing (sys property XL.UserProfileAuditDataCollection) set to Process Task which should capture all the events according to the docs found at http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/system_props.htm#BACGIDCH.
  I bounced the OIM managed server and changed a user's email address. It seems like it doesnt add an entry in upa_usr table for the change. Does OIM 11g R2 store these info in other tables?

  Hey Dj,
  No, It stores into same Upa_tables. Probably the SQL you are doing mybe wrong or missing something. Try this join below:
  from usr b, upa_usr c, upa_fields a
  where 1=1
  and c.usr_key=b.usr_key
  and a.upa_usr_key = c.upa_usr_key
  and upper(b.usr_email) like upper('%thiago.leoncio%') and upper(b.usr_login) like upper('%thiago.leoncio%')
  order by a.upa_fields_key desc
  I hope this helps,
  THiago Leoncio.

• OIM 9102 Issued Audit Message null pointer

  Hi All,
  I have a 9102 system with an empty upa_ud_formfields table. We tried running the Issue Audit Message job (which was disabled for some reason) and got a NPE.
  I found the same thing here but never answered.
  Re: Audit reports in OIM 9102
  any help would be appreciated.
  Thanx
  Fred

  1. XL.EnableExceptionReports needs to be set to TRUE and XL.UserProfileAuditDataCollection needs to be set to Resource Form.
  2. In the Audit Report Developers Guide, section 5.3.1 Using the UPA Form Data Upgrade Utility, you need to perform the steps to enable the usable of these fields (http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14045/reporting.htm#CEGFCIAD).
  3. Restart Server.
  -Kevin

• Make Audit Reports in OIM 9.1.0.1

  Hello Gurus,
  I need to put in my report the pcq_question from table pcq, but this information was encrypted. How can i make visible this information? I need this in my audit report!!!
  Thank you very much,
  Thiago Leôncio

  Try this.
  It will be useful.
  Re: Validate Challenge Questions via API

• SOA suite / OIM composite auditing

  Hello. If I use Enterprise Manager, I can navigate to a particular composite instance (an approval workflow) and view the XML data which contains the contents of the request.
  Does anyone know where this data is stored in the SOAINFRA tables? I can see information about approvals (wftask table) but am looking for the request data programatically.
  Thanks.

  Not sure about the tables as my requirement was to read the payload xml values in the SOA workflow itself. I can however suggest a workaround if you don't know the SOAINFRA tables. You can use jdbc sensor and put sensor variables and sensor activities to write the variables & activities information to your custom table and then read it from there. You can have many types of sensors with jdbc being one, file writer being another and etc.
  Sensors are good for auditing and you can develop your own sensors as per requirement.
  http://docs.oracle.com/cd/E23943_01/dev.1111/e10224/bp_sensors.htm
  http://technology.amis.nl/2008/07/22/debug-logging-in-bpel-using-sensors-part-1/
  -Bikash

• Approval audit data in OIM

  Hello,
  There are few old requests in OIM (1 years old)=> database table data indicates request was "assignedto A and B approved" ... (how to gather information why was that? may be, if B was a proxy for A during that time?)
  Thanks,

  Compare these things:
  1-Dates of PXD table(PXD_START_DATE and PXD_END_DATE);
  2-get request details: REQ_ID of REQ table;
  3-Go to ORC table with req_id and select the field ORC_ASSIGNED_TO;
  hope this helps,
  Thiago Leoncio Guimaraes

• OIM 11g approval auditing

  Is there any way to query the database to show approvals / status for OIM 11g approval workflows? The goal is a report in BI Publisher.
  Thank you

  You can query SOA table, WFTASK and WFTASKHISTORY

• OIM: How to Audit Password Challenge Q&A changes

  Hi,
  I set the audit level in my System Configuration to "Process Task" which is the highest level. I get most of the user's profile changes audited, except for the password challenge questions and answers. I know these are written on a different table (PCQ), but is there a way to audit and get report on these changes as well, without getting into custom reports?
  Any pointers are appreciated
  Thanks

  you could look at sys.user_history$ for password change dates. Join to dba_users on user_id = user#. This table, for security reasons, is only accessible to the sys user..