Currently, a user can only produce the Password Safe Entitlement by User report if they are a member of the Administrators group.
This means audit teams are unable to pull reports of group members in BeyondTrust Password Safe without:
PAM team assistance, or
being provided significantly more privilege than is required for their role.
Splitting the access for this into another Role/Group would allow group membership to be retrieved self-service by the audit team without any additional risk that comes with unnecessary highly privileged access.