Recently, one of my other vCenter admins (without ill intent) added an account to vCenter global permissions as read only. However, that account was already in the global permissions, but in an AD group with administrator access. Apparently this caused some conflicts in permissions, and some of our applications didn't work correctly because of the conflict. To that end, I am looking for a script or tool to notify a group of users that a new user has been added or a permission has been changed. I know Netwrix does something like this, but I think that is more focused on VMs than on vCenter changes.
The VMware Event Broker Appliance (VEBA) https://vmweventbroker.io/ is what you're looking for. It allows you to subscribe to over 1800+ vCenter Events, including permission changes (both standard and global permissions); see https://github.com/lamw/vcenter-event-mapping/blob/master/vsphere-7.0u2.md for an example (search for permission). Once you've identified the type of Event/Change you're interested in, you can perform basic operations such as notifying via Slack, Teams, Email, Text, etc., or do even more interesting automation based on these Events. If you're new or curious how VEBA works, check out this video https://youtu.be/udewtoqfU7I and feel free to reach out to the team in our Slack channel.
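As an added illustration of the approach in the answer (not code from the post or from the VEBA project), the sketch below filters incoming events for permission changes and builds a Slack-style `{"text": ...}` message. It assumes the event arrives as a CloudEvent whose `subject` is the vCenter event class and whose `data` holds the event fields under the names shown; the sample event is constructed, and event ids for global permissions should be taken from the mapping page linked above.

```python
import json

# Standard vSphere API permission event classes. Ids for global-permission
# events are not listed here; take them from the event mapping page.
PERMISSION_EVENTS = {
    "PermissionAddedEvent",
    "PermissionUpdatedEvent",
    "PermissionRemovedEvent",
}

# Constructed sample event; the field layout is an assumption.
SAMPLE_EVENT = {
    "id": "constructed-0001",
    "source": "https://vcenter.example.local/sdk",
    "subject": "PermissionAddedEvent",
    "data": {
        "CreatedTime": "2021-06-01T12:00:00Z",
        "UserName": "EXAMPLE\\admin2",      # who made the change
        "Principal": "EXAMPLE\\svc-app",    # who received the permission
        "Group": False,
        "Role": {"Name": "ReadOnly"},
        "Entity": {"Name": "Datacenters"},
    },
}


def permission_alert(event):
    """Return a Slack-style payload for a permission change, else None."""
    if isinstance(event, (str, bytes)):
        event = json.loads(event)
    subject = event.get("subject")
    if subject not in PERMISSION_EVENTS:
        return None  # not a permission change, nothing to send
    data = event.get("data") or {}
    kind = "group" if data.get("Group") else "user"
    principal = data.get("Principal", "unknown principal")
    # Removal events may carry no role, so fall back to a placeholder.
    role = (data.get("Role") or {}).get("Name", "n/a")
    entity = (data.get("Entity") or {}).get("Name", "unknown object")
    actor = data.get("UserName", "unknown")
    when = data.get("CreatedTime", "?")
    text = (f"[{when}] {subject}: {kind} {principal} -> role {role} "
            f"on {entity} (changed by {actor})")
    return {"text": text}


if __name__ == "__main__":
    print(permission_alert(SAMPLE_EVENT)["text"])
```

The returned dictionary can be posted to whatever webhook or mail relay the notification group uses.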