CA PAM reports not showing addition or removal of users from a Credential Manager group

book

Article ID: 198611

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When managing users in the Credential Manager User Groups (Credentials -> Manage Credential Groups -> Credential Groups) we need a way to check addition or removal from a certain Credential Management group. There is a report, "Administrative Activities", which seems similar to this use case,but for adding and removing users it only shows “Update” in the report. Is this correct and is there a way to generate the said report ?

Environment

PRIVILEGED ACCESS MANAGEMENT, all supported versions up to 3.4.X

Resolution

This is working as designed.

The logs don't show details about group membership, so any change there is not logged. They show the role and target group assigned to the group, not which users are members of the user group. 

Adding or removing a user to/from a user group are all user group update events,and they will show as such. Hence the "update" entries.

The Add or Delete activity covers the case where the user group itself is added or deleted, not when group members are added or deleted.