Auditing of security roles can provide the answers to all those questions. You can enable the the auditing of the security roles entity by selecting the audit checkbox as shown in the following screenshot.
You can also enable the auditing for the Field Security Profile and Field Permission entities.
Now auditing is enabled and you can tell when a new security role is created. If a permission is added or updated in the security role, It will tell you when you assign this security role or remove the security role from the the user or the team record. The following screenshot displays the some of the events associated with security role auditing.
In the screenshot above, we can see:
- A ”Create” event when a new security role is created.
- A ”Add Privileges to Role” event when new privileges are added to the security role.
- A ”Replace Privileges to Role” event when the privileges are updated to the security role.
- A ”Associate Entities” event when the security role is assigned to a user/team.
- A ”Disassociate Entities” event when the security role is removed from a user/team.