Can someone confirm the best way to find out who removed a member from a team, d

This information is not logged by default nor logged precisely the way you describe your requirement, however if you are using Appian 6.7.1 and above you can increase the Authorization Audit Logging to DEBUG to know what action is performing each user and whether it has been authorized or not by updating this line in /ear/suite.ear/resources/appian_log4j.properties

log4j.logger.com.appian.authz-audit=DEBUG, AUTHZ_AUDIT

when set to DEBUG this will log everything in the <APPIAN_HOME>/logs/authz-audit.csv so this log will be big.

This is how the log will show that somebody removed a user (notice how you only know that the user did it but you don't know from what group nor who he removed)

13:30.5          eduardo.fuentes          k-service-personalization          com.appiancorp.suiteapi.personalization.GroupService.removeMemberUsers          ALLOWED                    allowedBasedOnTheseRoles=[designer]

This information is not logged by default nor logged precisely the way you describe your requirement, however if you are using Appian 6.7.1 and above you can increase the Authorization Audit Logging to DEBUG to know what action is performing each user and whether it has been authorized or not by updating this line in /ear/suite.ear/resources/appian_log4j.properties

log4j.logger.com.appian.authz-audit=DEBUG, AUTHZ_AUDIT

when set to DEBUG this will log everything in the <APPIAN_HOME>/logs/authz-audit.csv so this log will be big.

This is how the log will show that somebody removed a user (notice how you only know that the user did it but you don't know from what group nor who he removed)

13:30.5          eduardo.fuentes          k-service-personalization          com.appiancorp.suiteapi.personalization.GroupService.removeMemberUsers          ALLOWED                    allowedBasedOnTheseRoles=[designer]