Regarding audit in EBS 12.2

Hello Erman! I have some questions regarding audit in an EBS instance:

1. How can we enable audit for activities done by admin users (SYSADMIN and users with System Administrator, System Administration privileges) and how can we see the audit logs?

2. Suppose there is a table PER_ALL_PEOPLE_F and we want to audit insert, update, delete on it. We can enable database audit on it and also we can do it by setting up audit trail in the application tier. So which of these is the right/better way to do it? What is the difference between the logs captured by database audit Vs by EBS audit trail?

3. How can we log all inserts, updates, deletes performed by a front end user?  

1)You ca enable Sign-On Audit with Maximum Details:

See "Sign-On: Audit Level" profile option --- value "Form Audit". This captures the most detailed information, including user login/logout, responsibility used, and specific forms accessed.

2)It depends.. If you want to audit the apps context (for instance apps user info), then go with the EBS audit.. EBS audit uses database triggers and shadow tables to record historical data about changes to specific tables.. DB audit as you may already know does its job internally. Note that,  EBS audit trail does not provide the performance and integrity of the audit records that can be achieved with Oracle Database Auditing.


3)EBS audit may not be able to do that task... I mean you can use EBS Audit option (based on the profile named AuditTrail:Activate) but he captured information primarily reflects "what" (data changes) and "when" (timestamps).
While it might capture the "who" (user responsible) for some actions based on the user associated with the database session, it doesn't directly link data changes to individual front-end user activities.

You may need to go with custom methods (triggers, forms customizations, third party audit tools)

https://docs.oracle.com/cd/E26401_01/doc.122/e22952/T156458T663757.htm
See -> Oracle® E-Business Suite Security Guide

Some more reference that might help:

How to Enable Audit Trail On Tables (Doc ID 848039.1)
NOTE:60828.1 - Overview of Audit Trails in Oracle E-Business Suite Applications

Thanks a ton, Erman! I have some follow up queries:

1)You ca enable Sign-On Audit with Maximum Details:

See "Sign-On: Audit Level" profile option --- valye "Form Audit". This captures the most detailed information, including user login/logout, responsibility used, and specific forms accessed.

Q: Will the Form Audit tell "what" the user did with that form which he/she accessed?

2)It depends.. If you want to audit the apps context (for instance apps user info), then go with the EBS audit.. EBS audit uses database triggers and shadow tables to record historical data about changes to specific tables.. DB audit as you may already know does its job internally. Note that,  EBS audit trail does not provide the performance and integrity of the audit records that can be achieved with Oracle Database Auditing.

Q: Will the DB audit link data changes to individual front-end user activities?

Answer for Q1:  Auditing at the Form level performs the Responsibility and User level audit functions, and also tracks: The forms users choose How long users spend using each form

Answer for Q2: No.

Thanks again, Erman. I did not understand this - what is the use of knowing how long a user was on a particular form, if we don't know what he actually did with that form? Does the audit capture that too?

It just records the forms users choose, and the time users spend.

Thanks Erman.

In what way the time spent detail will be useful?

Tracking time spent can help assess user productivity and identify potential misuse. For example, unusually long durations on sensitive forms might warrant further investigation.