How to Enable Audit Trail On Tables in E Business suite R12.2

Recently I came across a requirement from a customer where they wanted to enable audit trail on EBS Application. Today I will show how to enable it.

 

Step 1.

As an example, I will be enabling auditing on table AP_CHECKS_ALL

    Navigate to Responsibility: System Administrator
    Navigation:   Profile > System
    Query Profile: 'AuditTrail:Activate'. Click FIND
    Set it to 'Yes' at Site level.

Step 2.

We will be enabling Audit Installations for username. In this case it will be AP. 

Navigate: System Admin > Security > Audit Trail >Install

Enable Audit Installation for AP

Note:- 

It is important to keep  “Audit Enabled" for a certain schema which has been enabled by default.

By default auditing is enabled for the following schemas. If any of the following schema is not enabled, it is advised to enable them.

APPLSYS GL FA AP AR INV PO CE GMA GMD GME GMF GMI GML GMP WSH FV APPLSYSPUB ZX

Step 3.

Define Audit tables and desired columns.

Before enabling the auditing on columns, please check the limitations.

The following are limitations. A.    Maximum columns 99 for a given table. Best practices are 50 columns or less due to the amount of data that audit trail generates. B.     No LONG, RAW, or LONG RAW columns C.   Your audit group must include all columns that make up the primary key for a table; these columns are added to your audit group automatically. D.   Once you have added a column to an audit group, you cannot remove it. E.    Audit Trail requires two database connections. If your operating platform does not automatically support two database connections (e.g., VMS or MPE/XL), then add the environment variable 'FDATDB=' to your environment file. F.    Because the structure of the audited table may change between product versions, Audit Trail does NOT support upgrading existing shadow tables or audited data. Before an upgrade, you should archive the shadow tables and perform all necessary reporting on the audited data.

Navigation: System Admin > Security > Audit Trail > Tables

Query for user table name ‘AP_CHECKS_ALL’ and add columns on which you want to enable trail do the same for table AP_CHECKS_ALL

Step 4:- Define an Audit Group and associated tables

    Navigation:  System Admin > Security > Audit Trail >Groups

    Create Audit group for table defined in step 3.

Here we created an audit group AP_GROUP_1 and added table name AP_CHECKS_ALL  and Save. Once added , the group state becomes enabled.

Step 4:- Run Concurrent program 'AuditTrail Report for Audit Group Validation' with parameter as your  Audit Group

Step 5.

Run concurrent program "AuditTrail Update Tables".

If the above requests complete with normal status , we can verify the audit records from backend.

Select * from ap_checks_all_A

How to change admin password in Apex 23.2

 

How to change admin password in Apex 23.2

 

In apex , admin password can be changed using two methods such as

Method 1. By executing apxchpwd.sql

Method 2. By executing sql command

Method 1. By executing apxchpwd.sql

Login to Database server  and navigate to apex installation folder and execute apxchpwd.sql as sys user.

 

[oracle@ocisoumya-2 ~]$ cd /u01/apex/apex/ [oracle@ocisoumya-2 apex]$ sqlplus / as sysdba   SQL> @apxchpwd.sql ...set_appun.sql ================================================================================ This script can be used to change the password of an Oracle APEX instance administrator. If the user does not yet exist, a user record will be created. ================================================================================ Enter the administrator's username [ADMIN] User "ADMIN" exists. Enter ADMIN's email [ADMIN] Enter ADMIN's password [] Changed password of instance administrator ADMIN.

 

 

Method 2. By executing sql command

Login to database as sys user and set the current schema as your existing apex version.

SQL> select username from dba_users where username like 'APEX%';   USERNAME -------------------------------------------------------------------------------- APEX_LISTENER APEX_PUBLIC_USER APEX_REST_PUBLIC_USER APEX_230200   SQL> alter session set current_schema=APEX_230200 ;   Session altered.   SQL> set lines 222 SQL> COLUMN first_name FORMAT A20 SQL> COLUMN last_name FORMAT A20 SQL> COLUMN default_schema FORMAT A30 SQL> COLUMN user_id Format 9999999999999   SQL> SELECT user_id, first_name,last_name, default_schema FROM   wwv_flow_fnd_user WHERE  user_name = 'ADMIN' ORDER BY last_update_date DESC;  2    3              USER_ID FIRST_NAME           LAST_NAME            DEFAULT_SCHEMA ------------------ -------------------- -------------------- ------------------------------   1395498604080259                                           APEX_230200   SQL>   Set the ADMIN user password for the id we retried from above query   SQL> UPDATE wwv_flow_fnd_user SET    web_password = 'NewApexPAssword' WHERE  user_name = 'ADMIN' AND    user_id = 1395498604080259;      Unlock ADMIN user :-   SQL> BEGIN   WWV_FLOW_SECURITY.g_security_group_id := 10;   WWV_FLOW_FND_USER_API.unlock_account('ADMIN');   COMMIT; END; /

 

 

 

Oracle REST Data Services (ORDS) Configuration on Linux 8 - Part II

 Before we proceed, the first part that includes apex installation and configuration can be found here

Download ORDS 23.4

Ords can be downloaded from Here

Download oracle JDK 17 +

https://www.oracle.com/in/java/technologies/downloads/#java17

 

Create following directories.

mkdir /u01/apex/ords_23.4 cd /u01/apex/ords_23.4 mkdir /u01/apex/ords_23.4/config mkdir /u01/apex/ords_23.4/config/ords/standalone/logs

 

Unzip the downloaded directory

[oracle@ocisoumya ords_23.4]$ unzip ords-23.4.0.346.1619.zip -d /u01/apex/ords_23.4/

Install ORDS on linux 8

[oracle@ocisoumya ~]$ cd /u01/apex/ords_23.4/bin [oracle@ocisoumya bin]$ ./ords --config /u01/apex/ords_23.4/config install --interactive --log-folder /u01/apex/ords_23.4/co              nfig/ords/standalone/logs 2024-04-01T14:40:08.532Z INFO        Your configuration folder /u01/apex/ords_23.4/config is located in ORDS product folder.                Oracle recommends to use a different configuration folder.   ORDS: Release 23.4 Production on Mon Apr 01 14:40:08 2024   Copyright (c) 2010, 2024, Oracle.   Configuration:   /u01/apex/ords_23.4/config   The option --log-folder /u01/apex/ords_23.4/config/ords/standalone/logs is located in the ORDS product folder.  Oracle recom              mends to use a different --log-folder location.   Created folder /u01/apex/ords_23.4/config/ords/standalone/logs The configuration folder /u01/apex/ords_23.4/config does not contain any configuration files.   Oracle REST Data Services - Interactive Install     Enter a number to select the type of installation     [1] Install or upgrade ORDS in the database only     [2] Create or update a database pool and install/upgrade ORDS in the database     [3] Create or update a database pool only   Choose [2]: 2   Enter a number to select the database connection type to use     [1] Basic (host name, port, service name)     [2] TNS (TNS alias, TNS directory)     [3] Custom database URL   Choose [1]:   Enter the database host name [localhost]: ocisoumya   Enter the database listen port [1521]:   Enter the database service name [orcl]:   Provide database user name with administrator privileges.     Enter the administrator username: sys as sysdba   Enter the database password for sys as sysdba: Connecting to database user: sys as sysdba url: jdbc:oracle:thin:@//ocisoumya:1521/orcl   Retrieving information.   Enter the default tablespace for ORDS_METADATA and ORDS_PUBLIC_USER [SYSAUX]: APEX   Enter the temporary tablespace for ORDS_METADATA and ORDS_PUBLIC_USER [TEMP]: TEMP   Enter a number to select additional feature(s) to enable:     [1] Database Actions  (Enables all features)     [2] REST Enabled SQL and Database API     [3] REST Enabled SQL     [4] Database API     [5] None   Choose [1]:   Enter a number to configure and start ORDS in standalone mode     [1] Configure and start ORDS in standalone mode     [2] Skip   Choose [1]:   Enter a number to select the protocol     [1] HTTP     [2] HTTPS   Choose [1]:   Enter the HTTP port [8080]:   Enter the APEX static resources location: /u01/apex/ords_23.4/config/ords/standalone/doc_root/images

copy images folder from apex installation folder to following path /u01/apex/ords_23.4/config/ords/standalone/doc_root/images which resides in ords installation directory.

[oracle@ocisoumya apex]$ cd [oracle@ocisoumya ~]$ cd /u01/apex/apex [oracle@ocisoumya apex]$ cp -r images/ /u01/apex/ords_23.4/config/ords/standalone/doc_root/

 

Batch script to check tablespace usage and send email notification

 

Issue: We had a requirement for a customer, where oracle 19c database was running on Windows server 2019. Customer wanted to monitor tablespace’s datafile usage and get email alert incase the used space is less than 80%

To mitigate this , we developed a batch script leveraging powershell’s Send-Maillmessage command to achieve this.

 

Step 1.

First we create the sql which will be used to monitor the tablespace usage. Lets save it as E:\BackupScripts\Tbs_size_check.sql

Set lines 222 SELECT d.tablespace_name "TS Name", d.num_files "Num Files",        d.asize "Size MB", NVL (f.freebytes, 0) "Free MB",        (d.BYTES - NVL (f.freebytes, 0)) "Used MB",        ((d.BYTES - NVL (f.freebytes, 0)) * 100) / d.asize "Percent Used"   FROM (SELECT   tablespace_name, SUM (BYTES) / 1024 / 1024 freebytes             FROM dba_free_space         GROUP BY tablespace_name) f,        (SELECT   tablespace_name, COUNT (DISTINCT (file_id)) num_files,                  sum(greatest(maxbytes,bytes))/1024/1024 asize,                  SUM (BYTES) / 1024 / 1024 BYTES             FROM dba_data_files         GROUP BY tablespace_name) d  WHERE d.tablespace_name = f.tablespace_name(+)    AND d.tablespace_name not like '%UNDO%'    AND ROUND (((d.BYTES - NVL (f.freebytes, 0)) * 100) / d.asize) > 80;    exit;

Step 2.

Now lets create the batch script that will be used to monitor the tablespace usage and send an alert if the usage hits a predefined threshold value. In our case we have set threshold value to 80%. This can be modified as per the requirement.

@echo on REM Database credentials set DB_USER=sys set DB_PASS=passfordb set DB_SID=orcl REM Email configuration set EMAIL_RECIPIENT=soumya.das@testmail.com,usertwo@testmail.com set EMAIL_SUBJECT=Tablespace Usage Alert set FROM_EMAIL=database.alerts@testmail.com set HOSTNAME=%COMPUTERNAME% set EMAIL_BODY=Tablespace usage is  LOW at %HOSTNAME%. Please take appropriate action. set ATTACHMENTS=E:\TABLESPACE_USAGE.txt REM Execute SQL queries using SQL*Plus REM Execute SQL query and send email if threshold is met E:\app\oracle\product\19.3.0\dbhome_1\bin\sqlplus -S %DB_USER%/%DB_PASS%@%DB_SID% as sysdba @E:\BackupScripts\TS_SPACE_CHECK1.SQL > E:\TABLESPACE_USAGE.txt cd E:\ REM Read usage percent and tablespace name from TABLESPACE_USAGE.txt for /f "tokens=1,6" %%a in (E:\TABLESPACE_USAGE.txt) do (     set tablespace_name=%%a     set usage_percent=%%b ) rem echo %usage_percent%     REM Check if usage_percent is greater than or equal to the threshold if %usage_percent% GEQ 80 (         REM Send email alert with tablespace name and usage percentage powershell -ExecutionPolicy Bypass -Command "Send-MailMessage -From 'database.alerts@testmail.com' -To %EMAIL_RECIPIENT% -Subject '%EMAIL_SUBJECT%' -Body '%EMAIL_BODY%' -SmtpServer '192.24.1.40' -Attachments '%ATTACHMENTS%'" ) del E:\TABLESPACE_USAGE.txt

Open task scheduler and follow the following steps to schedule the batch script to run every 1 hour.

Done…

Oracle Apex 23.2 Installation and configuration on Linux - Part I

Oracle Application Express 23.2 Installation Steps 

 

Before installing Oracle Application Express, you must verify your configuration meets the minimum installation requirements.

•                Oracle Database Requirements

Oracle Application Express release 23.2 requires an Oracle Database release 19c or later, including Enterprise Edition and Standard Edition (SE) and Database 23c Free. Oracle Application Express can be installed in single-instance database and in Oracle Real Application Clusters (Oracle RAC) database.

 

·       Browser Requirements
Oracle APEX requires a JavaScript-enabled browser and supports the current and prior major release of Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge.

 

·       Web Server Requirements
Oracle APEX requires Oracle REST Data Services (ORDS) 20.x or later. The use of Quick SQL requires Oracle REST Data Services (ORDS) 23.3 or later.

 

•        MEMORY_TARGET of the Target Database

Oracle Application Express requires the system global area (SGA) and program global area (PGA) to be at least 300 MB.

•                Checking the WORKAREA_SIZE_POLICY of the Target Database
For the Oracle APEX installation or upgrade process, the WORKAREA_SIZE_POLICY session parameter must be set to AUTO.

SQL> alter system set WORKAREA_SIZE_POLICY=auto scope=both;

 

•        Oracle XML DB Requirement

Oracle XML DB must be installed in the Oracle database that you want to use if you are installing a full development environment. Oracle XML DB is not required for runtime only installations. If you are using a preconfigured database created either during an installation or by Database Configuration Assistant (DBCA), Oracle XML DB is already installed and configured.

 

Download Link: -

Oracle Application Express can be downloaded from HERE 

Environment details: -

OS	RHEL 7.9
IP	192.168.0.106
HOSTNAME	Server3.soumya.com
APEX VERSION	23.2
DB VERSION	19.3.0

 Once downloaded, unzip the software to begin the installation.

Create a directory where the apex software will be installed.

[oracle@server3 u01]$ mkdir -p /u01/apex

[oracle@server3 apex]$ unzip apex_23.2.zip -d /u01/apex

 

 

Create a new tablespace for APEX.

[oracle@server3 apex]$ sqlplus / as sysdba  SQL> create tablespace APEX datafile '/u01/app/oradata/ORCL/apexd01.dbf' size 2G autoextend on;

 

Apex Installation: -

[oracle@server3 apex]$ cd /u01/apex/apex [oracle@ocisoumya apex]$sqlplus / as sysdba SQL>@apexins.sql APEX APEX TEMP /i/   -- i refers image location in application. APEX refers the tablespace name , TEMP refers the temporary tablespace name.

Once the installation is complete, confirm it by running following query

SYS> SELECT comp_name, version, status FROM dba_registry WHERE comp_id='APEX';   COMP_NAME                      VERSION             STATUS ------------------------------ ------------------------------ ----------- Oracle APEX                            23.2.0                   VALID

To change the admin password using “apxchpwd.sql” script as sys user.

SQL> @apxchpwd.sql ...set_appun.sql ================================================================================ This script can be used to change the password of an Oracle APEX instance administrator. If the user does not yet exist, a user record will be created. ================================================================================ Enter the administrator's username [ADMIN] User "ADMIN" does not yet exist and will be created. Enter ADMIN's email [ADMIN] Enter ADMIN's password [] Created instance administrator ADMIN.

   For configuring static files, we must run apex_rest_config.sql after a new installation of Oracle          APEX.

SQL> @apex_rest_config.sql   Enter a password for the APEX_LISTENER user              [] Enter a password for the APEX_REST_PUBLIC_USER user              [] ...set_appun.sql ...setting session environment ...create APEX_LISTENER and APEX_REST_PUBLIC_USER users ...grants for APEX_LISTENER and ORDS_METADATA user

      Configure APEX

            Now there are two ways which we can use to access APEX.

1.    Oracle REST Data Services(ORDS)

2.    Embeded PL/SQL Gateway(EPG) Configuration

However Oracle recommendation is ORDS.

create  a custom profile and assign the profile to  standard users to avoid user lock issues.

CREATE PROFILE app_user1 LIMIT    FAILED_LOGIN_ATTEMPTS unlimited    PASSWORD_LIFE_TIME unlimited    PASSWORD_REUSE_TIME unlimited    PASSWORD_REUSE_MAX unlimited    PASSWORD_VERIFY_FUNCTION NULL    PASSWORD_LOCK_TIME unlimited    PASSWORD_GRACE_TIME unlimited;

Alter all apex related users to assign custom profile.

select username,account_status from dba_users where username like ('%APEX%');   ALTER USER APEX_230200 PROFILE app_user1; ALTER USER APEX_LISTENER PROFILE app_user1; ALTER USER APEX_REST_PUBLIC_USER PROFILE app_user1; ALTER USER APEX_PUBLIC_USER  PROFILE app_user1;

Unlock the users:-

ALTER USER APEX_LISTENER identified by Concept_ora1 account unlock; ALTER USER APEX_REST_PUBLIC_USER identified by Concept_ora1 account unlock; ALTER USER APEX_PUBLIC_USER  identified by Concept_ora1 account unlock;

 

Execute following to grant connect privileges to any host for the APEX_230200 database user. This example assumes you connected to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role.

BEGIN   DBMS_NETWORK_ACL_ADMIN.append_host_ace (     host       => '*',     ace        => xs$ace_type(privilege_list => xs$name_list('connect','resolve'),                               principal_name => 'APEX_230200',                               principal_type => xs_acl.ptype_db)); END; /