We have a service that checks for file modification on our production servers to make sure no code is being changed in an unauthorized way. It caught the following command and permissions change.

2/3/20 5:42 AM /apps/niku/bin/serviceappcmd Modified ACL, Permissions niku (xxxx xxxx)

Our team didn't run this command at all so we just wanted to verify, is this something that systematically happens?

Release : All Supported Clarity releases

Component : CA PPM INTEGRATIONS & INSTALLATIONS

This can happen when serviceappcmd is called to redeploy services. When services are deployed, there is a folder created called $clarity\tomcat-app-deploy and this is where the permissions would be set up. So the explanation would be that at this time most likely you have redeployed the services on this environment. You can double check by checking the app-system log for this timeframe.