A user contacted me this morning because he no longer had access to some functionality, to which I had given him access the same day. Turns out that the user has been removed from a/the group 'administrators'.
When checking the audit log, the user 'system' appears to have made the change. Off course, asking the person who might have made the change would be an option too - but I would like to know why it is logged as 'system' when a user performs the action?
Unless the 'system' user has decided to remove 3 users from a group by itself, or I might be missing something ;) ?
Thanks for reporting this, it is a side effect of some ID related changes that were made to Cloud. The issues to keep an eye on are: Audit log for user management and Audit logs don't show usernames upon user changes after introducing unified administration.
I tested on my instance, because it did seem weird, and sure enough the test group I created is listed in the Audit log as being created by System:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.