A customer ran a cron job that invokes sesudo and noticed that on PAMSC 14.1 (14.10.40.81) the FILE Write resource access event shows the user name as root instead of the user who runs sesudo.
01 Jun 2022 06:00:00 W FILE root Write 204 4 /opt/security/retrust.out /usr/bin/sh secadm
Event type: Resource access
Status: Warning
Class: FILE
Resource: /opt/security/retrust.out
Access: Write
User name: root
Program: /usr/bin/sh
Date: 01 Jun 2022
Time: 06:00
Details: Class in WARNING mode
User Logon Session ID: 62958209:00000110
Audit flags: AC database user
Effective user name: secadm
This differs from how PIM Endpoint 12.8 behaves. With PIM Endpoint 12.8, the user name in the event is the user who runs sesudo (the Effective user name).
Release: 14.1
Component: PAMSC, CA ControlMinder - Unix
Engineering has identified that this problem occurs on the AIX platform only and has produced the patch below to address it.
acpatch-DE539440-14.10.40.115-_AIX.zip
Please raise a Technical Support ticket to request the patch.