Case 1: There is no mitigation assigned to user at user level
Case 2: Risk analysis on role level/user level with one only composite role 1 will not give any conflicts
Case 3 : Risk analysis on role level / user level with one only composite role 2 will not give any conflicts
Case 4 : assigning both composite roles will give user level SOD Conflicts but those risks are of composite 1 which is already mitigated at role level and that is way i have not got any SOD in Case 2.
Regards,
Satyajit