search cancel

CA PAM reports not showing addition or removal of users from a Credential Manager group


Article ID: 198611


Updated On:


CA Privileged Access Manager (PAM)


When managing users in the Credential Manager User Groups (Credentials -> Manage Credential Groups -> Credential Groups) we need a way to check addition or removal from a certain Credential Management group. There is a report, "Administrative Activities", which seems similar to this use case,but for adding and removing users it only shows “Update” in the report. Is this correct and is there a way to generate the said report ?


PRIVILEGED ACCESS MANAGEMENT, all supported versions up to 3.4.X


This is working as designed.

The logs don't show details about group membership, so any change there is not logged. They show the role and target group assigned to the group, not which users are members of the user group. 

Adding or removing a user to/from a user group are all user group update events,and they will show as such. Hence the "update" entries.

The Add or Delete activity covers the case where the user group itself is added or deleted, not when group members are added or deleted.