Please investigate with the users on the root cause, provide justification and clarification and have It kept for reference and also for audit purpose. Any significant found ( e.g. such violation’s not done by the User ID’s Owner, the user try to access function that was not authorized etc. ), please promptly escalate