In customer organization, audit department asks me the report.
For login specific device we create an L1 user group to access that device.
1. Where do we see which user member is access that level_1 user?
2. Which user member has done what activities where do we can see?
For a quick overview which user of your group viewed / used whichever password in PAM you can use the "Credential Manager Activities” page (Credentials / Reports / Activities / Configure / + Passwords used in last 30 days)
However the report "View Password Requests” might provide more details
I am not talking about the password view request.
I searching user member activities that done on end device using user group.
Device modifications are tracked in the Session Logs.
You can forward these to a SIEM solution (e.g. Splunk and retrieve relevant reports there)