After changing a user's mailbox rights and reviewing the object's Change History report, you will see that the "edsaMailboxSecurityDescriptor" has been changed and the column "New Value" includes a value that is not in a readable format for end users. The value displayed may vary depending on the Exchange's version.
For example (Exchange 2003):
Action Attribute New Value Specified By
Update edsaMailboxSecurityDescriptor 'D:(A;CI;CCSDRC;;;PS)(A;CI;CCSD;;;LA)' ars_srv
This is by design. The edsaMailboxSecurityDescriptor is currently in the SDDL (Security Descriptor Definition Language) format which is the standard format for the security object NTSecurityDescriptor. The framework APIs used only allows us only to display the value in either of the two formats: Binary or SDDL.
An enhancement request (TF00047961) has been created detailing the feature: convert SDDL value to display user friendly (readable) value in the Change History.
The product team will evaluate the request and this feature may become available on a future release of the product.
Please refer to this article for updates or contact support referencing the Enhancement Request ID: TF00047961.