@Aleksandar Jelić the role mapping within guard (the service behind the webhook described in the docs which is providing the Azure RBAC integration) is not something the product folks will discuss as it's an implementation detail
However, if you want to track/see what's going on you can opt into the guard logs via an AKS diagnostic setting and query the results in log analytics (or wherever you decide to send the logs)
REF https://learn.microsoft.com/en-us/azure/aks/monitor-aks#resource-logs
What you can see here, amongst other things is the encache details logged for the auth result - so for example what decision was made for a user , with a given Az RBAC role assignment , for a given kubectl command etc.