The lack of a way to monitor the users' actions resulting in changes to the NNMi database was a flaw in previous versions of NNMi. However version 10.x introduces the new "NNMi Auditing" feature.
Users' actions like creating/deleting node groups, changing incidents' ownership, etc. are logged into %NnmDataDir%\nmsas\NNM\log\audit-<date>.log file.
For more information please refer to NNMi 10 Deployment reference, section "NNMi Auditing":
The views expressed in my contributions are my own and do not necessarily reflect the views and strategy of HP.
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution, If you are satisfied with anyone’s response please remember to give them a KUDOS and show your appreciation.