In our company we have provided User creation access to a Basis Batch user id, But no one in the basis team have used the id to create users.
Unfortunately few months back this id has created some end users with critical access & deleted the user id's after some time.
Now no one know who actually did this.
I checked the change documents for those users & it onyly shows Batch Basis user id.
I checked that Batch Basis user id was always set to system type.
I also checked for that particular day if any background job was run for creating the id's & didn't find anything.
Can you plz let me know how to go about solving this major security breach.