Roles are defined in Library Config. Their Roles have pre-defined permissions, as standard permissions for the respective role. 
When the permissions are edited under Library Config, it affects all users of the respective role. If a user is editing Role permission, it will be auditable.
In case user is changing the permission of another user, we have a report that it is showing the permission exceptions.
For example, Roles have designated permissions set in library config. Let`s say someone is going to an user with Role, for example, HR USER, and it gives to this user the permission for Payroll. If Payroll is not part of the permission tree set for HR USER Role, then this change will show in the report.
In this report it can be seen what extra permission has a user, other that the default permissions tree set for that user Role.
Also, we can see who is giving additional permissions to a user:
Comments
Article is closed for comments.