There is sometimes a requirement to audit when users elavate to role with elevated privilege on the instance for eg : elevate to security_admin role.
1. When user elevates to the privileged role , the event is created with event name "security.elevated_role.enabled" on sysevent table
2. Parm1 is user_name of user and Parm2 is role name.
3. Can use the "Script Action" to process this event and audit the event as required.