Say you move a user to a different business unit, but you forget that when you change a user’s business unit, it removes all of the user’s security roles. How do you find what role the user used to have?
One answer is audit history.
If auditing is enabled for user entity, you will see an “associate” record whenever a role is added, and a “disassociate” record whenever a role is removed. This can also be helpful for identifying who made the change in the scenario where one of the admins does an accidental role update or business unit move.