Account deletion by User __xcd_local__

book

Article ID: 207332

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We noticed in the system log, that 2 accounts were deleted by user __xcd_local__. 

Could you kindly confirm this is the system account used to deleted inactive users. Below is the setting for Accounts of the Global settings below for reference to indicate that there is indeed an expiry set.

 

Cause

The __xcd_local__ is a special user that is defined internally in CA PAM to take care of the housekeeping activities apart from other tasks such as mounting the session recording location, deleting inactive users, etc.,

The user __xcd_local__ is a special user in the CA PAM database, that is responsible for multiple internal tasks that are run with respect to the Credential Manager and other tasks.

This is a correct entry in the session logs when the user who is inactive is being deleted.

Environment

Release : 3.4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

The product is working as designed, __xcd_local__ is an internal user in CA PAM.