Loading

Setup Audit Trail Shows Unexpected Changes by System Administrator in Salesforce

Publiceringsdatum: May 5, 2026
Beskrivning

When reviewing the Salesforce Setup Audit Trail or standard system-generated fields such as "Created By," some organizations may encounter unexpected setup changes attributed to an inactive System Administrator, or to an active System Administrator who was not logged in at the time of the change.

 

Example:
6/25/2019 1:10:01 PM PDT         admin@organization.com              Organization setup action: consentManagementEnabledOffOn has changed.

This type of unexpected history in the audit trail or a standard system-generated field can result in confusion or concern about data or system integrity.


 
Lösning

When Salesforce performs backend updates such as patch releases or version upgrades, the system cannot identify a specific initiating user. In these cases, Salesforce selects a random Administrator — defined as any user with the "Modify All Data" permission — and logs the change under that user's name. This is expected platform behavior and does not indicate a security concern for your organization's data or metadata.
There are multiple ways for organization preferences to be updated outside of the Salesforce user interface, including patch releases and version upgrades. When preferences are changed on the back end, the system cannot determine an initiating user and therefore selects a random Administrator to associate with the logged change.

While the example above is specific to the enablement of Consent Management, this auditing behavior is not limited to any specific feature or system permission. In most cases, there is no security concern regarding your organization's data or metadata.


 See also: Records Created, Updated or Deleted Unexpectedly

Knowledge-artikelnummer

000381159

 
Laddar
Salesforce Help | Article