Vault: Report on Vault Account and User Activity



Vault Account Activity Report

Date Range

Select a start date for which to pull reporting data. Then select either the number of days for which to pull your report or an end date.


To see all events involving a specific BeyondTrust Vault stored account, type in the account name, or select the account from the dynamic pop-up list.


To see all events involving a specific privileged user, type in the user's name, or select the user's name from the dynamic pop-up list.

For more information, please see BeyondTrust Vault Technical Whitepaper.

If a user has been anonymized in an effort to follow compliance standards, the Vault Account Activity report may display pseudonyms for user data or may indicate that information has been deleted. To learn more about data anonymization and deletion for compliance efforts, please see Compliance: Anonymize Data to Meet Compliance Standards.

Vault Account Activity Report Results

Because users can be granted separate access to use and check out accounts, the Vault Account Activity Report distinguishes between the two. This allows administrators to tell the difference between a user who is able to view the account's password and a user who is only able to inject credentials in a session.

In the Vault Account Activity Report, the Data column shows information associated with the event. The Credentials Checked Out event contains a Details link in the new Data column when credentials are checked out while in a session. This link redirects to the Support Session Detail Report in which the credentials were used.

If the credentials are checked out from /login, then no Details link is present in the Data column.