I'm pretty sure I know what happens, and am testing to verify, but what I'm looking for is doc saying what *should* happen in this case.

Take a User and do an add-role to grant them something. This works.
Take the User and do a revoke-role to remove access, using the optional effective-time string to post-date the change by a few days.
During the grace period during which the revoke has not yet happened, do another add-role for the same role.

I see that the second add-role has succeeded. The pending revoke-role is still out there, waiting to happen.

I believe what should happen is RRSD should process the revoke-role, see that there is a later add-role that has been done, then basically just silently discard the revoke-role since it is no longer applicable.

But where is this scenario documented?