This post is to answer for one of the customer question related to how they can know what user is doing, ie activity when using WUG, like add and remove device during the login session.
First of all, be note that WUG is monitoring system for device you provision in the system for monitoring the device status change, all data is store inside database. When an authorized user is remove device from the WUG, it remove it from the database, related items like historical data and relationships between items, item types and monitors which are defined through a number of cross-referenced pivot tables are indeed removed from the system.
If just want to know whether an authorized user had remove or delete device during his login (we are advice to had specific user login account for each user, else you are in trouble to detect who make the change during the login, if the login account being share). Access from top menu <Analyze> then <Logs>, <Web User Activity Log>
You can from the WUG login, and go thru the time log for the user activity.
But due to it deleted the device details in the database, so it no way to know what exactly the person is deleted. The only way for recover is to restored from the backup of the database before the action is being carry out. So, had ongoing regular backup of database is essential.
Another best practice is to avoid unnecessary authorizerd change or delete, is to provision each user account with very specific access and right. For example, if the user is just for monitoring, he do not need to had right to make change to the device.
It can be configure in the user right access by administrator. You need to spend some time to create some of the realistic role relevant to your own organization, and each come with certain access right. Or can create group as well depend on your use case.