diff --git a/management/server/account_test.go b/management/server/account_test.go
index 80052875d..23afd345b 100644
--- a/management/server/account_test.go
+++ b/management/server/account_test.go
@@ -633,7 +633,9 @@ func TestAccountManager_NetworkUpdates(t *testing.T) {
 		return
 	}
 
-	account, err := createAccount(manager, "test_account", "account_creator", "")
+	userID := "account_creator"
+
+	account, err := createAccount(manager, "test_account", userID, "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -715,7 +717,7 @@ func TestAccountManager_NetworkUpdates(t *testing.T) {
 			}
 		}()
 
-		if err := manager.SaveGroup(account.Id, &group); err != nil {
+		if err := manager.SaveGroup(account.Id, userID, &group); err != nil {
 			t.Errorf("save group: %v", err)
 			return
 		}
@@ -740,7 +742,7 @@ func TestAccountManager_NetworkUpdates(t *testing.T) {
 			defaultRule = r
 		}
 
-		if err := manager.DeleteRule(account.Id, defaultRule.ID); err != nil {
+		if err := manager.DeleteRule(account.Id, userID, defaultRule.ID); err != nil {
 			t.Errorf("delete default rule: %v", err)
 			return
 		}
@@ -760,7 +762,7 @@ func TestAccountManager_NetworkUpdates(t *testing.T) {
 			}
 		}()
 
-		if err := manager.SaveRule(account.Id, &rule); err != nil {
+		if err := manager.SaveRule(account.Id, userID, &rule); err != nil {
 			t.Errorf("delete default rule: %v", err)
 			return
 		}
@@ -780,7 +782,7 @@ func TestAccountManager_NetworkUpdates(t *testing.T) {
 			}
 		}()
 
-		if _, err := manager.DeletePeer(account.Id, peer3.Key); err != nil {
+		if _, err := manager.DeletePeer(account.Id, userID, peer3.Key); err != nil {
 			t.Errorf("delete peer: %v", err)
 			return
 		}
@@ -815,8 +817,8 @@ func TestAccountManager_DeletePeer(t *testing.T) {
 		t.Fatal(err)
 		return
 	}
-
-	account, err := createAccount(manager, "test_account", "account_creator", "")
+	userID := "account_creator"
+	account, err := createAccount(manager, "test_account", userID, "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -844,7 +846,7 @@ func TestAccountManager_DeletePeer(t *testing.T) {
 		return
 	}
 
-	_, err = manager.DeletePeer(account.Id, peerKey)
+	_, err = manager.DeletePeer(account.Id, userID, peerKey)
 	if err != nil {
 		return
 	}
diff --git a/management/server/activity/event.go b/management/server/activity/event.go
index 34b7ad040..d92698863 100644
--- a/management/server/activity/event.go
+++ b/management/server/activity/event.go
@@ -33,6 +33,8 @@ const (
 	GroupCreated
 	// GroupUpdated indicates that a user updated a group
 	GroupUpdated
+	// PeerGroupsUpdated indicates that a user updated groups of a peer
+	PeerGroupsUpdated
 )
 
 const (
@@ -66,6 +68,8 @@ const (
 	GroupCreatedMessage string = "Group created"
 	// GroupUpdatedMessage is a human-readable text message of the GroupUpdated activity
 	GroupUpdatedMessage string = "Group updated"
+	// PeerGroupsUpdatedMessage is a human-readable text message of the PeerGroupsUpdated activity
+	PeerGroupsUpdatedMessage string = "Peer groups updated"
 )
 
 // Activity that triggered an Event
@@ -104,6 +108,8 @@ func (a Activity) Message() string {
 		return GroupCreatedMessage
 	case GroupUpdated:
 		return GroupUpdatedMessage
+	case PeerGroupsUpdated:
+		return PeerGroupsUpdatedMessage
 	default:
 		return "UNKNOWN_ACTIVITY"
 	}
@@ -142,6 +148,8 @@ func (a Activity) StringCode() string {
 		return "group.add"
 	case GroupUpdated:
 		return "group.update"
+	case PeerGroupsUpdated:
+		return "peer.groups.update"
 	default:
 		return "UNKNOWN_ACTIVITY"
 	}
diff --git a/management/server/management_proto_test.go b/management/server/management_proto_test.go
index 5dc20b0cb..bace763fd 100644
--- a/management/server/management_proto_test.go
+++ b/management/server/management_proto_test.go
@@ -3,6 +3,7 @@ package server
 import (
 	"context"
 	"fmt"
+	"github.com/netbirdio/netbird/management/server/activity"
 	"net"
 	"os"
 	"path/filepath"
@@ -403,7 +404,12 @@ func startManagement(t *testing.T, port int, config *Config) (*grpc.Server, erro
 		return nil, err
 	}
 	peersUpdateManager := NewPeersUpdateManager()
-	accountManager, err := BuildManager(store, peersUpdateManager, nil, "", "")
+	eventStore, err := activity.NewSQLiteStore(t.TempDir())
+	if err != nil {
+		return nil, err
+	}
+	accountManager, err := BuildManager(store, peersUpdateManager, nil, "", "",
+		eventStore)
 	if err != nil {
 		return nil, err
 	}
diff --git a/management/server/management_test.go b/management/server/management_test.go
index f4c1b2ac0..093afcc18 100644
--- a/management/server/management_test.go
+++ b/management/server/management_test.go
@@ -2,6 +2,7 @@ package server_test
 
 import (
 	"context"
+	"github.com/netbirdio/netbird/management/server/activity"
 	"math/rand"
 	"net"
 	"os"
@@ -493,7 +494,12 @@ func startServer(config *server.Config) (*grpc.Server, net.Listener) {
 		log.Fatalf("failed creating a store: %s: %v", config.Datadir, err)
 	}
 	peersUpdateManager := server.NewPeersUpdateManager()
-	accountManager, err := server.BuildManager(store, peersUpdateManager, nil, "", "")
+	eventStore, err := activity.NewSQLiteStore(config.Datadir)
+	if err != nil {
+		log.Fatalf("failed creating a event store: %s: %v", config.Datadir, err)
+	}
+	accountManager, err := server.BuildManager(store, peersUpdateManager, nil, "", "",
+		eventStore)
 	if err != nil {
 		log.Fatalf("failed creating a manager: %v", err)
 	}
diff --git a/management/server/nameserver_test.go b/management/server/nameserver_test.go
index 30cc8246f..b419080af 100644
--- a/management/server/nameserver_test.go
+++ b/management/server/nameserver_test.go
@@ -2,6 +2,7 @@ package server
 
 import (
 	nbdns "github.com/netbirdio/netbird/dns"
+	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/stretchr/testify/require"
 	"net/netip"
 	"testing"
@@ -1056,7 +1057,11 @@ func createNSManager(t *testing.T) (*DefaultAccountManager, error) {
 	if err != nil {
 		return nil, err
 	}
-	return BuildManager(store, NewPeersUpdateManager(), nil, "", "")
+	eventStore, err := activity.NewSQLiteStore(t.TempDir())
+	if err != nil {
+		return nil, err
+	}
+	return BuildManager(store, NewPeersUpdateManager(), nil, "", "", eventStore)
 }
 
 func createNSStore(t *testing.T) (Store, error) {
diff --git a/management/server/peer_test.go b/management/server/peer_test.go
index 54f4629ba..28242cddc 100644
--- a/management/server/peer_test.go
+++ b/management/server/peer_test.go
@@ -87,9 +87,9 @@ func TestAccountManager_GetNetworkMapWithRule(t *testing.T) {
 		return
 	}
 
-	expectedId := "test_account"
-	userId := "account_creator"
-	account, err := createAccount(manager, expectedId, userId, "")
+	expectedID := "test_account"
+	userID := "account_creator"
+	account, err := createAccount(manager, expectedID, userID, "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -134,13 +134,13 @@ func TestAccountManager_GetNetworkMapWithRule(t *testing.T) {
 		return
 	}
 
-	rules, err := manager.ListRules(account.Id, userId)
+	rules, err := manager.ListRules(account.Id, userID)
 	if err != nil {
 		t.Errorf("expecting to get a list of rules, got failure %v", err)
 		return
 	}
 
-	err = manager.DeleteRule(account.Id, rules[0].ID)
+	err = manager.DeleteRule(account.Id, rules[0].ID, userID)
 	if err != nil {
 		t.Errorf("expecting to delete 1 group, got failure %v", err)
 		return
@@ -159,12 +159,12 @@ func TestAccountManager_GetNetworkMapWithRule(t *testing.T) {
 	group1.Peers = append(group1.Peers, peerKey1.PublicKey().String())
 	group2.Peers = append(group2.Peers, peerKey2.PublicKey().String())
 
-	err = manager.SaveGroup(account.Id, &group1)
+	err = manager.SaveGroup(account.Id, userID, &group1)
 	if err != nil {
 		t.Errorf("expecting group1 to be added, got failure %v", err)
 		return
 	}
-	err = manager.SaveGroup(account.Id, &group2)
+	err = manager.SaveGroup(account.Id, userID, &group2)
 	if err != nil {
 		t.Errorf("expecting group2 to be added, got failure %v", err)
 		return
@@ -174,7 +174,7 @@ func TestAccountManager_GetNetworkMapWithRule(t *testing.T) {
 	rule.Source = append(rule.Source, group1.ID)
 	rule.Destination = append(rule.Destination, group2.ID)
 	rule.Flow = TrafficFlowBidirect
-	err = manager.SaveRule(account.Id, &rule)
+	err = manager.SaveRule(account.Id, userID, &rule)
 	if err != nil {
 		t.Errorf("expecting rule to be added, got failure %v", err)
 		return
@@ -222,7 +222,7 @@ func TestAccountManager_GetNetworkMapWithRule(t *testing.T) {
 	}
 
 	rule.Disabled = true
-	err = manager.SaveRule(account.Id, &rule)
+	err = manager.SaveRule(account.Id, userID, &rule)
 	if err != nil {
 		t.Errorf("expecting rule to be added, got failure %v", err)
 		return
diff --git a/management/server/route_test.go b/management/server/route_test.go
index 1bd0598cc..87c1325cb 100644
--- a/management/server/route_test.go
+++ b/management/server/route_test.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/route"
 	"github.com/rs/xid"
 	"github.com/stretchr/testify/require"
@@ -14,6 +15,7 @@ const (
 	routeGroup1        = "routeGroup1"
 	routeGroup2        = "routeGroup2"
 	routeInvalidGroup1 = "routeInvalidGroup1"
+	userID             = "testingUser"
 )
 
 func TestCreateRoute(t *testing.T) {
@@ -831,7 +833,6 @@ func TestDeleteRoute(t *testing.T) {
 func TestGetNetworkMap_RouteSync(t *testing.T) {
 	// no routes for peer in different groups
 	// no routes when route is deleted
-
 	baseRoute := &route.Route{
 		ID:          "testingRoute",
 		Network:     netip.MustParsePrefix("192.168.0.0/16"),
@@ -895,7 +896,7 @@ func TestGetNetworkMap_RouteSync(t *testing.T) {
 		Name:  "peer1 group",
 		Peers: []string{peer1Key},
 	}
-	err = am.SaveGroup(account.Id, newGroup)
+	err = am.SaveGroup(account.Id, userID, newGroup)
 	require.NoError(t, err)
 
 	rules, err := am.ListRules(account.Id, "testingUser")
@@ -908,10 +909,10 @@ func TestGetNetworkMap_RouteSync(t *testing.T) {
 	newRule.Source = []string{newGroup.ID}
 	newRule.Destination = []string{newGroup.ID}
 
-	err = am.SaveRule(account.Id, newRule)
+	err = am.SaveRule(account.Id, userID, newRule)
 	require.NoError(t, err)
 
-	err = am.DeleteRule(account.Id, defaultRule.ID)
+	err = am.DeleteRule(account.Id, userID, defaultRule.ID)
 	require.NoError(t, err)
 
 	peer1GroupRoutes, err := am.GetNetworkMap(peer1Key)
@@ -936,7 +937,11 @@ func createRouterManager(t *testing.T) (*DefaultAccountManager, error) {
 	if err != nil {
 		return nil, err
 	}
-	return BuildManager(store, NewPeersUpdateManager(), nil, "", "")
+	eventStore, err := activity.NewSQLiteStore(t.TempDir())
+	if err != nil {
+		return nil, err
+	}
+	return BuildManager(store, NewPeersUpdateManager(), nil, "", "", eventStore)
 }
 
 func createRouterStore(t *testing.T) (Store, error) {
@@ -980,7 +985,6 @@ func initTestRouteAccount(t *testing.T, am *DefaultAccountManager) (*Account, er
 	}
 
 	accountID := "testingAcc"
-	userID := "testingUser"
 	domain := "example.com"
 
 	account := newAccountWithId(accountID, userID, domain)
@@ -1002,7 +1006,7 @@ func initTestRouteAccount(t *testing.T, am *DefaultAccountManager) (*Account, er
 		Name:  routeGroup1,
 		Peers: []string{peer1Key},
 	}
-	err = am.SaveGroup(accountID, newGroup)
+	err = am.SaveGroup(accountID, userID, newGroup)
 	if err != nil {
 		return nil, err
 	}
@@ -1013,7 +1017,7 @@ func initTestRouteAccount(t *testing.T, am *DefaultAccountManager) (*Account, er
 		Peers: []string{peer1Key},
 	}
 
-	err = am.SaveGroup(accountID, newGroup)
+	err = am.SaveGroup(accountID, userID, newGroup)
 	if err != nil {
 		return nil, err
 	}
diff --git a/management/server/setupkey_test.go b/management/server/setupkey_test.go
index 290259116..41b3c1697 100644
--- a/management/server/setupkey_test.go
+++ b/management/server/setupkey_test.go
@@ -20,7 +20,7 @@ func TestDefaultAccountManager_SaveSetupKey(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	err = manager.SaveGroup(account.Id, &Group{
+	err = manager.SaveGroup(account.Id, userID, &Group{
 		ID:    "group_1",
 		Name:  "group_name_1",
 		Peers: []string{},
@@ -33,7 +33,7 @@ func TestDefaultAccountManager_SaveSetupKey(t *testing.T) {
 	keyName := "my-test-key"
 
 	key, err := manager.CreateSetupKey(account.Id, keyName, SetupKeyReusable, expiresIn, []string{},
-		SetupKeyUnlimitedUsage)
+		SetupKeyUnlimitedUsage, userID)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -46,7 +46,7 @@ func TestDefaultAccountManager_SaveSetupKey(t *testing.T) {
 		Name:       newKeyName,
 		Revoked:    revoked,
 		AutoGroups: autoGroups,
-	})
+	}, userID)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -67,7 +67,7 @@ func TestDefaultAccountManager_CreateSetupKey(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	err = manager.SaveGroup(account.Id, &Group{
+	err = manager.SaveGroup(account.Id, userID, &Group{
 		ID:    "group_1",
 		Name:  "group_name_1",
 		Peers: []string{},
@@ -76,7 +76,7 @@ func TestDefaultAccountManager_CreateSetupKey(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	err = manager.SaveGroup(account.Id, &Group{
+	err = manager.SaveGroup(account.Id, userID, &Group{
 		ID:    "group_2",
 		Name:  "group_name_2",
 		Peers: []string{},
@@ -121,7 +121,7 @@ func TestDefaultAccountManager_CreateSetupKey(t *testing.T) {
 	for _, tCase := range []testCase{testCase1, testCase2} {
 		t.Run(tCase.name, func(t *testing.T) {
 			key, err := manager.CreateSetupKey(account.Id, tCase.expectedKeyName, SetupKeyReusable, expiresIn,
-				tCase.expectedGroups, SetupKeyUnlimitedUsage)
+				tCase.expectedGroups, SetupKeyUnlimitedUsage, userID)
 
 			if tCase.expectedFailure {
 				if err == nil {