I'm trying to hunt down who added a group of users to a patching role that they didn't belong to.
I didn't remember seeing an action created when a user is added or modified.
How can find out who modified user x?
I believe it shows up in the server_audit.log on the root server. I'll check tomorrow if you haven't had a more definitive response by then.