Currently, the following limitations exist for logging changes to user role assignments on the USER_ROLE table out-of-the-box.

• Making changes to the USER_ROLE table directly are not logged, nor does the table contain any columns useful for auditing such as 'CreatedBy', 'CreatedOn', 'UpdatedBy', 'UpdatedOn', or 'Is_Active'.
• Assigning or revoking roles using role actions built into the Users module generates logs in the General Log tables, but the message is string that requires additional parsing to extract information, such as the usernames of whomever assigned the role and to whom it was assigned.

Changes to assignments in the USER_ROLE table should be logged automatically in a dedicated logging table, regardless of source. Adding additional audit columns to the existing table would help too.