

Understanding the Value and

Functionality of Oracle EBS Audit
Trail
March 7, 2023

Data is an extremely crucial and sensitive resource for any enterprise that regularly stores classified,
confidential business data and information such as customer records, credit card information, and
financial details. At the same time, it is essential to understand that corrupt, erroneous, or
compromised data is equivalent to lost revenue, lost time, unhappy customers, or reduced employee
satisfaction. Data repositories on Oracle Database servers need a high-priority data security provision
to safeguard from internal and external security breaches.

People and business processes commonly use multiple applications and technologies. Database
auditing is vital to application logging and security monitoring as direct database access can be used to
bypass application controls. By default, upon installation, Oracle E-Business Suite only audits and logs
a limited set of information including:


Basic user login information

Unsuccessful password attempts

Concurrent program execution

Creation and last update information for most records

E-Business Suite Audit Trail

Any Oracle E-Business Suite table can be chosen to have row changes audited, and auditing can be
performed at the row or column level. By default, tables are not audited. Auditing frequently accessed
Privacy - Terms
tables (specifically: transactional tables) may cause severe database performance issues; therefore,
auditing must be meticulously designed. Audit Trail information is accumulated and stored in separate
database tables detailing the user information and types of updates.

Steps to Configure E-Business Suite Audit Trail

Oracle E-Business Suite Audit Trail functionality only tracks inserts, updates, or deletes; whereas the
database’s native auditing capability can also track selects on tables. Oracle E-Business Suite Audit Trail
maintains a comprehensive history of changes made at the table and column level. Audit Trail is
enabled by a shadow table (table name appended with “_A”) of the audited table and triggers on the
audited columns. A concurrent program is used to create the shadow table and triggers.

Auditing database row changes is very resource intensive and can cause significant database
performance problems. Prudent planning and reviews by a DBA must be completed before allowing
any auditing. Only a minimal amount of auditing should be done, and it should be limited to non-
transactional data. Any auditing on transactional data may cause substantial performance degradation
of the entire application. Tables with more than a few changes an hour should not be considered for
row-level auditing.

Exhibit 1: Steps to Configure E-Business Suite Audit Trail

You can review what has been set up for auditing. This functionality is accomplished by a navigation
tree that starts with the industry template and drills down to groups, tables, and columns. With the
navigator, you have a drill-down view of what columns are being audited. A search capability is
provided for searching a specific table or column on the tree.
Exhibit 2: Definition of Roles and Responsibilities

Stopping the Audit Trail

It is required to set the audit group state to either “Disable-prepare for archive”, “Disable-Interrupt
Audit”, or “Disable-Purge Table” and run the “Audit Trail Update Tables” report to stop auditing.

Variable Description

Disable – Prepare for Copies the current values of all rows in the audited table into the
Archive shadow table, and then disables the auditing triggers. This option
requires the most space since there is at least one row in the shadow
table for every row in the audited table (and another row in the
shadow table for each transaction on the original row in the audited
table). You should then archive the table before you empty the
shadow table.

Disable – Interrupt Audit Modifies the triggers to store one final row in the shadow table as the
audited row is modified in the audit table (remember that a given row
in the shadow table represents the data in the audited row before an
update). Inserts or further changes are no longer audited. The shadow
table then grows slowly, and the data may be accessed by the existing
audit views.

Disable – Purge Table Drops the auditing triggers and views and deletes all data from the
shadow table.

Exhibit 3: Variable Descriptions

The Audit Trail definitions (and auditing) do not go into effect until the Audit Trail Update Tables Report
has been run. If any changes are made to the definitions later, then the program should be re-run. To
submit the Audit Trail Update Tables concurrent request, it is suggested to use the standard submission
(Submit Reports) form. Upon execution, the Audit Trail Update Table concurrent request performs the
following tasks:

Exhibit 4: Tasks Performed After Concurrent Request

Sharing an Example – How to Enable Audit Trail on

Oracle E-Business Suite
a) Set the Audit Trail Profile Option:

The System Profile Option “AuditTrail:Activate” must be set to Yes, the default value for
“AuditTrail:Activate” is null (which equals No).

b) Ensure that Audit on the Application is Enabled:

Considering an example of the FND_USER table whose owner is APPLSYS, you should query on
APPLSYS to ensure that Audit is enabled.

Navigate to the System Administrator Menu Security/AuditTrail/Install.

c) Define the Audit tables and add the desired columns on which you want to enable Audit Trail.

Navigate to the System Administrator Menu Security/AuditTrail/Groups.

d) Create a New Audit Group and Associated Tables:

Navigate to the System Administrator Menu Security/AuditTrail/Groups. Create the group and add the
audit tables to the group [you can add more than one table if desired].
e) Run the concurrent program “AuditTrail Update Tables”:

Running this request will create the audit tables and the triggers that will manage the audit data.

f) Run the concurrent request “AuditTrail Report for Audit Group Validation” to validate the
success of the Audit Table/Trigger creation.
g) Define an Industry Template containing the Audit Group:

Navigate to the System Administrator Menu Security/ Audit Trail/ Audit Trail Reporting/Audit Industry
Template.

h) Create a new user and “end date” the user to test the Audit Trail by running the Audit Report.

Navigate to the System Administrator Menu Security/ Audit Trail/ Audit Trail Reporting/Audit Report.
It will submit the concurrent program “Audit Trail Report” whose output can be used for Audit
reporting.
Devising the Right Auditing Strategy for Oracle E-
Business Suite
Although auditing is relatively inexpensive, it is advised to restrict the number of audited events as
much as possible. This helps to minimize the performance impact on the execution of audited
statements and the size of the audit trail, making it easier to analyze, scrutinize, and understand the
outcomes of the audit.

Use the following general guidelines when devising an auditing strategy:


Have a clear understanding of the reasons and purpose to prevent unnecessary auditing.

To have a clean audit, determine the types of activities and the amount of time necessary to gather
the information.

Only audit targeted database activities to reduce the Audit Trail administration.

Archive audit records and purge the audit trail after the required information has been collected.

Create one or more indexes of the shadow table to speed up report generation.
Note: Indexes decrease performance during transactions auditing, so indexes should be dropped
from the shadow table when the reporting is done. Another alternative is to move audit data to an
operational data store for reporting purposes.

Conclusion
Oracle E-Business Suite has an auditing mechanism called Audit Trail. Audit Trail allows administrators
to manage and maintain a chronicle of changes: what changed, who changed it, and when it was
changed. This amazing functionality holds a full history of modifications made at the table level. With
Audit Trail, it can be effortlessly determined how a particular data row or element acquired its current
value. Most of the field information; including character, number, and date fields; can also be tracked
easily to get further insights that may hold significance for the business.

Syntax offers comprehensive consulting services for leading databases and ERP applications, enabling
companies to leverage our in-depth knowledge to negate this significant threat to business operations.
We assist companies in securing their largest and most important applications through detailed
security audits and actionable recommendations.

RETURN TO BLOG

Recent Posts

How Does Online Patching Work in EBS 12.2?

Enable Cloud Guard to Maintain a Strong Security Posture in OCI for no Additional Cost

JD Edwards Orchestrator: Orchestration Inputs from Form Extensions

How Can Exadata Smart Flash Cache Improve Storage Performance?

Understanding the Value and Functionality of Oracle EBS Audit Trail

How can we help you?

FIRST N AME*

L AST N AME*

BUSIN ESS EMAIL*

W H AT I S YO U R CO R E E R P ? *  JDE  SAP  E BS  OT H E R

HOW CAN WE HELP?

Syntax is committed to protecting and respecting your privacy. We will only use your personal information to administer your account as
you’ve requested. Occasionally, we would like to contact you about our products and services. If you consent to us contacting you, please
tick the checkbox to enable email communication from Syntax. You can unsubscribe at any time. For more information, please review our
Privacy Policy. By clicking submit, you consent to allow Syntax to store and process the personal information submitted to provide you
the content requested.

 I agree to receive other communications from Syntax*.

SUBMIT
 1-866-705-6385 [email protected]

Legal Notices Terms Privacy Policy EU-US-shield Services Privacy Policy

© Syntax 2023