Auditing Database columns in Oracle R12

We normally get the requirement to develop a report in order to track the changes on some of the columns of few important base tables like AP_SUPPLIERS, AP_SUPPLIER_SITES_ALL or values in Key value sets etc. Business needs this tracking mechanism to insure a check on changes.

This learning discusses: 1. Functionality provided by Oracle in Release12 for Auditing. 2. Limitations of this seeded functionality. 3. Custom functionality Demo to overcome these limitations. 4. Demo from Release11i to obtain old and new values in a single query. What Is Auditing and why is it needed? Whenever a user inserts a value into a column or updates / deletes the value of column, business needs to track these operations. To capture this information is called as Auditing. Let us have a look at the different scenarios where business needs tracking of information: 1. Many a times, Set up team of business needs to change some or the other information of the supplier information. Since supplier information is of utmost importance to business, business needs to ensure proper accountability while dealing with this supplier information. Here arises a need for business to keep a track on this information i.e. Enable Audit on them. 2. Consider a case of Sales Orders. When a sales order is created for a customer either from Quote or sales agent create that manually, it goes through series of changes like quantity or item related changes. In order to avoid misuse by users by changing this critical information for their own benefit, business needs to enable the Audit on this information. Oracle has provided a seeded feature to capture this information in shadow tables and views. In Release12, oracle has also provided a report on these Audited tables. We can use this seeded report directly for reporting purposes or we can use this captured information to create a custom report depending on the Business requirements

How This Works? Whenever we need to enable Audit on a particular table, the following things take place. 1. Enable the Audit Profile at site level. 2. Enable the Audit for the Schemas to which the Auditing table belongs. 3. Create an Audit Group and define the tables on which we need to enable the Audit. 4. Include the Column names on which Audit needs to be performed. 5. Run the concurrent program Audit Trial Update Tables to create Audit tables and views to capture the changed information. This also creates the triggers on the base tables to capture Insert / Update / Delete Information, which inserts data into newly created Audit Tables. 6. Define Audit Industry template for created Audit Group. 7. Now run the Audit Report for created Audit Group and see the output We need to do few audit setups to capture the inserted/modified data. We need to do the setup on the columns tables on which we want to do the audit. Oracle creates the triggers to capture the changes happened to these columns and inserts the data into shadow tables/views. Once we have the data stored in shadow tables/views, we can retrieve these data as we required. Few important points: We can enable audit on Maximum of 240 columns for a given table. We cannot enable audit on LONG, RAW, or LONG RAW columns. Audit group must include all columns that make up the primary key for a table; these columns are added to audit group automatically. Once we add a column to an audit group, we cannot remove it.

Seeded Functionality (R12) Demo

Consider the following scenario: We have a requirement where we need to capture the changes in vendor_name of AP_SUPPLIERS AND vendor_site_code of AP_SUPPLIER_SITES_ALL. Now let us see the detailed Stepwise approach to achieve this in R12. 1. Enable Audit Trail Profile Set the system profile AuditTrail:Activate to Yes at the site level. Navigation: System Administrator Responsibility-->System--->Profile

2. Enable Audit for Schemas We need to enable the audit for the schemas which are the owners of the tables, on which we are doing audit. We need to include APPS schema in every case. In this case we need to enable audit for AP and IBY (as it is the owner of the tables AP_SUPPLIERS and AP_SUPPLERS_SITES_ALL, IBY_EXT_BANK_ACCOUNTS and IBY_PMT_INSTR_USES_ALL).

Navigation: System Administrator Responsibility--->Security--->AuditTrail--->Install

3. Audit Group Creation Navigation: System Administrator Responsibility--->Security--->AuditTrail--->Groups. Here we need to create the Audit Group under Payables Application. Create an audit group with a proper naming convention, and select the group state as Enabled. Now include the table names AP_SUPPLIERS , AP_SUPPLIER_SITES_ALL, IBY_EXT_BANK_ACCOUNTS and IBY_PMT_INSTR_USES_ALL

4. Specify the Columns to be Audited By default, Oracle has specified few columns under few tables that are Audit enabled. Check whether columns which we want to audit exists under these particular tables. If not include the columns. In this case (R12) Oracle has included few columns under AP_SUPPLIERS and AP_SUPPLIER_SITES_ALL. We dont have the vendor_name under AP_SUPPLIERS. So include it. Navigation: System Administrator Responsibility--->Security--->AuditTrail--->Tables

5. Run the concurrent request Now in order to create the Audit tables and corresponding views for the base tables that we want to audit, we need to run a concurrent request from System Administrator responsibility.

After the successful completion of the request, the audit tables and views will be created in the database. This will create following Audit tables: AP_SUPPLIERS_A for AP_SUPPLIERS AP_SUPPLIER_SITES_ALL_A for AP_SUPPLIER_SITES_ALL Also it will create following main views based on base table and Audit table. AP_SUPPLIERS_AC1 for AP_SUPPLIERS AP_SUPPLIER_SITES_ALL_AC1 for AP_SUPPLIER_SITES_ALL

This will create Audit views on individual columns too. These will be in the form of TABLE_NAME_AV% Query it with following command for the audit views of the table AP_SUPPLIERS SELECT * FROM all_objects WHERE object_name LIKE 'AP_SUPPLIERS_AV%'

We are nothing to do with these audit tables and columns. Oracle has used these tables and views and developed a report to report the changed data in these columns.

6. Run the Audit Report Now run the report Audit report from System Administrator responsibility. To do so we need to follow few steps as mentioned below. Create template SUPPLIERS TEMPLATE to include the audit group (the one we created to include the columns while doing the audit setup) i.e. AUDIT SUPPLIERS under Functional group. Navigate--->Audit Trial--->Audit Trial--->Reporting--->Audit Industry Template

Then run the report by navigating Navigate--->Audit Trial--->Audit Trial--->Reporting--->Audit Report

And pass the parameters for the remaining as per the requirement. Let us run the report for T&B Group.

Here we are passing null for all fields So it tries to report the data which is Transacted by All users, of all transactions, the data which has been changed before or equal to system time.

Select the VENDOR_SITE_CODE under the table name AP_SUPPLIER_SITES_ALL and VENDOR_NAME under the table AP_SUPPLIERS and Bank_ name from IBY_EXT_BANK_ACCOUNTS. Run the report.

Limitations with the Seeded functionality (R12)

1. Displaying the columns limited to 5.

As explained above, we cant report more than 5 columns at one instance. 2. Shows only current values: The repot displays only current values which we have in the base tables and not the old values.