The current implementation description (https://kb.askmonty.org/en/server_audit-plugin/) says:

server_audit_incl_dml_users:
... When it's set, the server_audit_excl_dml_users will be emptied as they can't be specified simultaneously. ...

The same goes for all 4 of include/exclude variables, and it indeed works this way.

Please reconsider this.

Imagine that an admin created a long list of users to audit (hand-picking them manually, maybe over the time), then realized that one or two are not needed, and decided (logically) to add them to the list of excluded users, thinking it would work. Instead, the whole precious long list got wiped off.

Ideally, both lists should work simultaneously. The logic doesn't seem complicated:

incl='', excl='' - all users are logged;
incl='', excl='foo, bar' - all users except for foo and bar are logged;
incl='foo, bar', excl='' - only foo and bar are logged;
incl='foo, bar', excl='bar, foobar' - only foo is logged;

But if on some reason it's impossible or undesirable, and incl/excl lists cannot work simultaneously, throw an error on an attempt to populate one when another is not empty. Make the user to set the old list to an empty value manually – it's just one statement (and it should not happen often, so not a huge burden), but it will prevent human errors.