Excluding a user from a security group leaves the user as an invalid user in the environment.

The security role will also remain assigned to the user at that time.

In that case, a manual operation to unassign the security role is required, but it would be very convenient for the user if the security role is unassigned when the user is excluded from the security group.