diff --git a/src/main/java/org/codelibs/fess/helper/ActivityHelper.java b/src/main/java/org/codelibs/fess/helper/ActivityHelper.java
index 0850f26a0..21e24325f 100644
--- a/src/main/java/org/codelibs/fess/helper/ActivityHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/ActivityHelper.java
@@ -112,6 +112,20 @@ public class ActivityHelper {
         log(buf);
     }
 
+    public void permissionChanged(final OptionalThing<FessUserBean> user) {
+        final StringBuilder buf = new StringBuilder(100);
+        buf.append("action:");
+        buf.append(Action.UPDATE_PERMISSION);
+        buf.append('\t');
+        buf.append("user:");
+        buf.append(user.map(u -> u.getUserId()).orElse("-"));
+        buf.append('\t');
+        buf.append("permissions:");
+        buf.append(user.map(u -> stream(u.getPermissions()).get(stream -> stream.collect(Collectors.joining(permissionSeparator))))
+                .filter(StringUtil::isNotBlank).orElse("-"));
+        log(buf);
+    }
+
     private void log(final StringBuilder buf) {
         buf.append('\t');
         buf.append("ip:");
@@ -127,7 +141,7 @@ public class ActivityHelper {
     }
 
     protected enum Action {
-        LOGIN, LOGOUT, ACCESS, LOGIN_FAILURE;
+        LOGIN, LOGOUT, ACCESS, LOGIN_FAILURE, UPDATE_PERMISSION;
     }
 
     public void setLoggerName(final String loggerName) {
diff --git a/src/main/java/org/codelibs/fess/ldap/LdapUser.java b/src/main/java/org/codelibs/fess/ldap/LdapUser.java
index 2b551cb97..00c12cc27 100644
--- a/src/main/java/org/codelibs/fess/ldap/LdapUser.java
+++ b/src/main/java/org/codelibs/fess/ldap/LdapUser.java
@@ -22,8 +22,10 @@ import java.util.Hashtable;
 import org.apache.commons.lang3.ArrayUtils;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
+import org.codelibs.fess.mylasta.action.FessUserBean;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.util.ComponentUtil;
+import org.dbflute.optional.OptionalThing;
 
 public class LdapUser implements FessUser {
 
@@ -54,9 +56,10 @@ public class LdapUser implements FessUser {
             final String groupFilter = fessConfig.getLdapGroupFilter();
             if (StringUtil.isNotBlank(baseDn) && StringUtil.isNotBlank(accountFilter)) {
                 permissions =
-                        ArrayUtils.addAll(
-                                ComponentUtil.getLdapManager().getRoles(this, baseDn, accountFilter, groupFilter,
-                                        roles -> permissions = roles), fessConfig.getRoleSearchUserPrefix() + getName());
+                        ArrayUtils.addAll(ComponentUtil.getLdapManager().getRoles(this, baseDn, accountFilter, groupFilter, roles -> {
+                            permissions = roles;
+                            ComponentUtil.getActivityHelper().permissionChanged(OptionalThing.of(new FessUserBean(this)));
+                        }), fessConfig.getRoleSearchUserPrefix() + getName());
             } else {
                 permissions = StringUtil.EMPTY_STRINGS;
             }