A closer look at Oracle IDM Auditing

Posted on July 30, 2014 by Abhishek

Reporting is a vital functionality in any product which deals with sensitive information. Same applies to Identity & Access Management tools. Oracle IDM’s Auditing module acts as a foundation for its OOTB Reporting capabilities. Let’s take a quick look at Auditing engine and how it facilitates the Reporting functionality within OIM

The use case presented here is simple – change to a user record in OIM.

What are the sequence of events which get triggered from an Audit perspective?

This is best explained by a diagram. I came up with the figure below in an attempt to better articulate the process.

 

oim-auditing

Although the diagram is self explanatory, a theoretical translation of the same is not going to harm us! 🙂

  • The updated/created user record gets pushed into the USR table (stores the user information) – Its a normal process by which the information gets recorded in the OIM Database
  • The information is further propagated by the OIM Auditing engine (as a part of core back end server logic) and it initiates a transaction
  • The Audit Engine inserts a new entry in the AUD_JMS table as a part of the audit transaction completion. The AUD_JMS table is nothing but a staging table
  • The Issue Audit Messages scheduled job picks up the Audit messages in the AUD_JMS table and submits the key to the oimAuditQueue JMS queue.
  • The MDB corresponding to the queue initiates the Audit data processing – the data is seeded into the UPA table. This data is in the form of XML. These are snapshots of the user profile at the instant when the user record was actually modified/created. The UPA table also stores the delta (changes to the profile)
  • Finally, the Post processors of the Audit engine pick up the XML snapshots from the central UPA table and store them in specific audit tables (in a de-normalized format) like UPA_USR, UPA_USR_FIELDS, UPA_RESOURCE, UPA_UD_FORMS etc
  • These tables serve as the primary source of information for the Reporting module. If you have ever worked on the OIM Reporting module, I am sure you can relate to the Data Sources which you configure on your BI Publisher instance – these are for executing direct queries on the above mentioned Audit tables for its data.

That’s pretty much it ! This was not a coverage of the entire Audit module in OIM, but a preview of HOW the process is orchestrated on a high level.

Thanks for reading! 🙂

About Abhishek

Loves Go, NoSQL DBs and messaging systems
This entry was posted in Oracle Identity Governance, Oracle Identity Manager and tagged , , , , , , , . Bookmark the permalink.

3 Responses to A closer look at Oracle IDM Auditing

  1. Manoj says:
    May 27, 2015 at 5:30 am

    Hi Abhi,

    I changed Department Number(USR OOTB Filed) and i m not getting records in UPA tables related to this table.

    AUD_JMS table is blank and i waited almost full day after this change!
    Could you please help me with this

    System property is at Process Form level
    Schedule job run fine.

    Thanks.

    Like

    Reply
  2. Shashi Kant says:
    December 27, 2016 at 8:28 pm

    Really informative.Thanks.

    Like

    Reply
  3. Ram says:
    July 5, 2019 at 9:44 pm

    Great Info, Very much simplified to understand.

    Like

    Reply

Leave a comment