How do I find out who deleted a user from Password Authority?

Document ID : KB000011622
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

A user was deleted from the database, and management needs to find out who deleted that user.

Question:

How do I find out who deleted a user from Password Authority?

Environment:
PA 4.5.3Database: SQL Server 2008 R2
Answer:

This report can be run from the GUI by going to PA Reports/Administrative Activities, and selecting Start Date and End Date.  This report contains all administrative activities including deleted users.  The report also has a configurable limitation of 3000 line entries, and if the event is not recent, it may hit the maximum entries right away.

If you hit the maximum entries, you can run the following PA database query:  

SELECT * FROM auditlog WHERE eventtype = 'D' AND classid = 'c.cw.m.us';

This query will return all the auditlog records for deleted users. You can also add 'createdate' to the parameters to narrow down the search.

A DBA may be needed to run this query.