This document discusses how to audit access to sensitive data in Oracle HCM Cloud. It explains that the Sensitive Data Access Audit page allows monitoring access to attributes like national IDs, addresses and phone numbers. Only users with the IT Auditor predefined role or a custom role granted the PER_VIEW_SENSITIVE_DATA_ACCESS_AUDIT_PRIV privilege can access the audit data. Enabling the ORA_HCM_SENSITIVE_DATA_VIEW_AUDIT_ENABLED profile allows logging sensitive data views to the PER_SENSITIVE_DATA_AUDIT table, where details on viewed persons, viewers, pages and times can be queried.

1. What is Sensitive Data Access Audit
We can audit the viewing of sensitive data in the HCM Responsive pages. We can use this information
for compliance and monitoring of access to sensitive data from your browser.
Read access to the following sensitive attributes can be audited:
• National Identifier Number
• Passport Number
• Driver License Number
• Personal Home Address
• Personal Email Address
• Personal Telephone Number
• Account Number
• Citizenship Number
• Visa Number, Work Permit and Residency Number
Roles required to access this functionality:
The Sensitive Data Access Audit page is secured using a function security privilege with a privilege
code of PER_VIEW_SENSITIVE_DATA_ACCESS_AUDIT_PRIV. It’s granted to the predefined IT Auditor
role. If you want to allow any custom job or abstract roles to access this page, you should grant this
function security privilege to the custom roles.
FUNCTION SECURITY PRIVILEGE PREDEFINED ROLE
PER_VIEW_SENSITIVE_DATA_ACCESS_AUDIT_PRIV IT Auditor

2. Enable Sensitive Data Access Audit
To enable auditing of sensitive data access, you need to set the Mobile-Responsive Sensitive Data
View Audit Enabled (ORA_HCM_SENSITIVE_DATA_VIEW_AUDIT_ENABLED) profile option to Y.
1. Go to the Setup and Maintenance work area.
2. Search for and click the Manage Administrator Profile Values task.
3. Search for the ORA_HCM_SENSITIVE_DATA_VIEW_AUDIT_ENABLED profile option code
and select it from the search results.
4. Below, set the Profile Level to site and the Profile Value to Y.
5. Click Save and Close.
Once this profile option is set and the “IT Auditor” role is assigned to an user, we can use the subject
areas to extract the information of the employees/users information who viewed the sensitive data.
We can extract the IP address of the user, device (Mobile/Laptop), Audit Date, Audit Time, Browser,
Operating System used, Username, Page Title which was viewed, etc.

3. Subject Area to get this information:
We can get this information from “Workforce Management – Sensitive Data Access Audit Real
Time” subject area.
Enables us to track and report the details about the sensitive data that is accessed from Oracle HCM
Cloud page. For example, Jane signed in and viewed Rondi’s national identifier and signed out.
Key information that you can report on
• Viewed Person Details – The details of the person whose data has been accessed
• Viewer Person Details – The details of the person who has accessed sensitive data
• Viewed Page Name
• Viewed Sensitive Data
• Viewed Date and time
• Viewer IP address, Browser, Operating system, etc.
Sample Dashboard has been posted by Oracle team on Cloud Customer Connect forum

4. Detailed Live Demo has been provided by Oracle Product Managers on this feature as part of OTBI
Office Hours
Backend Table to get this information:
We can also query the backend table to get this information if you want to build a custom report with
multiple filters or add it to other module queries.
PER_SENSITIVE_DATA_AUDIT is the table which stores the sensitive data audit information.
Sample queries:
Query to get records by logged in user name
select * from per_sensitive_data_audit where viewer_user_name = '<YOUR_USER_NAME>' order by
creation_date desc
Query to get records by logged in user name & IP address of machine
select * from per_sensitive_data_audit where viewer_user_name = '<YOUR_USER_NAME>' and
ip_address='<YOUR_MACHINE_IP_ADDRESS>' order by creation_date desc