Currently we log any changes made to the user in the system log.
If any user is granted an admin access or revoked access to certain apps etc, the events are logged and you can query them.
You should be able to see a dashboard like this -
Having said that, I’m not sure if all types of user events are logged.
And some details might not be available. For example, in the screenshot above, a user was granted “Read-only Admin” permissions. But the log only indicates that a user privilege was granted to a user. It doesn’t mention which exact role the user was given.
I suggest you to send an email to email@example.com to get more details on your particular use case.
Hope this helps.