JamesK.45504 (Customer) asked a question.
Wondering if anyone has found a good way to look at the logs to see when a user has been removed from a role and which role?
If the user only has the one role and are removed I am seeing an entry for "displayMessage=Revoke user privilege", but the event will show that all roles available in Okta are being removed.
Also if the user has multiple roles and only one or some have been removed the only event I am able to find is a "displayMessage=Grant user privilege" and shows roles that the user still holds.
On the other hand is there a way to see only the role that was added as well since if you add a role you see the grant user event, but it will show all roles that they hold so you can't tell if it was one or multiple roles applied at that time.
Unfortunately, this is not possible at this point, I would recommend that you submit a feature request.
While I was unable to find the Feature Request already listed, here's where you can submit your idea:
https://support.okta.com/help/oktaideas
This page is closely monitored by Engineering and used to filter and consider ideas for future implementation.