I don't believe we log this in the database. we log the date a user last logged on, but not what role they were in.
in the appserver log you will see:
[16 Jan 2020 03:00:05,479] [Client-Connections-Thread-7] [INFO] [BLAdmin:BLAdmins:192.168.8.76] [Client] User 'BLAdmin' assumed the role 'BLAdmins'
when a user logs in.
but you'd probably also want to watch for jobs being run as the role:
[16 Jan 2020 00:05:01,706] [Job-Execution-0] [INFO] [BLAdmin:BLAdmins:] [NSHScript] __JobRun-2000034,1-2031403__ Started running the job 'Dashboard Report Job' with priority 'NORMAL' on application server 'blapp894.example.com'(2,000,000)
in case there is some kind of 'service account' type of thing setup
I would explore AUDIT_TRAIL table in the databse. It provides a very nice overview of the overall role usage based on the operations done on objects in BSA. Basically what you see in the console under "audit" on objects.
You will be able to get user_name, role, object accessed and policy granted and the exact date.
Give it a shot,