Audit Trial

Hello Erman,

What does it mean by guest user in username in audit trial logs?

Thanks and Regards,
Saad

for example this.

02/01/2017 15:44:51 U GUEST 117,065,267 1 1 201,702,011,544,510,000,000,000 2,550 2,550 01/02/2017 10:15:04

When a user tries to login to the EBS, EBS create a new session with GUEST user to create another session to validate the credentials of the user.

how did you enable auditing on this EBS instance? What do you audit?
For instance, if you enable auditing for all the database logins, then you will see these kinds of records.

Hello Erman,

We have followed the basic doc for enabling audit. In which this fnd_user table was also there. When i retrieve records from its shadow table I saw this guest user in audit_user_name column. So I don't know where it comes from. We have also enabled audit on database too. How can i make changes to auditing so it does not record this guest username which is not necessary?

Regards,
Saad

Also How Can I check this in UAT? Means if i want to reproduce it(see guest user in audit shadow table) What steps i should perform?

What is your EBS version?

Did you see this note -> Active Guest User Session In Signon Audit Users Report And Monitor Users Form (Doc ID 438272.1)

No Erman I didn't see this doc of OSupp. My ebs release is 12.1.3.

Regards,
SAad

Hello Erman,

So is this doc helpful for me according to my release? If not can you suggest any other doc...

Thanks and Regards,
Saad

This may be related with your problem.
Check this ->Forgot Password Function Shows GUEST As The Password Record Update Owner (Doc ID 1502551.1)

This is for EBS 12.1 and it is specially for fnd_user last_updated_by column, but it may indirectly fix your problem as well.
Check the last_updated_by column of fnd_user. If you see any GUEST or null there, then apply the patch documented in the above document.

What exactly this audit record for GUEST produced for?

It is hard to interpret the following info that you sent;

02/01/2017 15:44:51 U GUEST 117,065,267 1 1 201,702,011,544,510,000,000,000 2,550 2,550 01/02/2017 10:15:04

Send me the columns associated with the above record

Okay.
I checked the colums.
It seems GUEST is set for the AUDIT_USER_NAME
and "U" is for the transaction type, which is update in this case.
So , I guess this record is written after a password reset.

Read this as well, Can The FND_USER Table Be Used For Auditing Purposes In Tracking The Password Changes (Doc ID 1642530.1)

Audit trail in EBS, just copies the old data from the main table to the shadow table, so probably your fnd_user has records that include GUEST as the user name.
As I mentioned earlier, check "Forgot Password Function Shows GUEST As The Password Record Update Owner (Doc ID 1502551.1) ", but you may need to live with it...

Ref: 1642530.1
Updating or Deleting operations will pull the old data in main table and insert it into audit table.  Here the column value for AUDIT_USER_NAME COLUMN pulling the data is from the main table.  The Audit Trail in not being used in the intended way and so the custom report shows incorrect information.  Trying to track who changed the data (User Password) which is not audit trail functionality.  The Audit trail functionality is to simply copy the value that was in the table column before the latest change.