As it stands today, when a user from an operating tenant accesses a managed tenant, no audit record is created on the managed tenant. This, to me, creates a security blindspot and XC should generate an audit entry on the managed tenant, when access from an operating tenant.