Unless there are other exclusions and conflicts, userA will be a member of Roles A,B and C.
As a general rule if there are conflicts , then permissions are denied.
There are numerous posts on this topic in the Admin & Deploy forum like this one: https://communities.sas.com/t5/Administration-and-Deployment/SAS-Metadata-Roles-amp-Capabilities-Rep...
I'll leave you to search for others.
@gwootton is a great help on unravelling the complexities of SAS metadata. Maybe he can help in this case. But I suggest you search the admin forum for "metadata roles" to see if there are more relevant solutions to try.
I'm not sure if you are open to using a commercial product for this but if you are then you could consider our Metacoda Plug-ins Role Reviewer. It is a plug-in to SAS Management Console that presents a list of roles and their members via direct membership, indirect membership and implicit membership. Here is a sample screenshot:
It will also gracefully handle infinite loops in group memberships and role contributions and show/hide duplicate membership paths. If you are interested in capabilities then it also shows which capabilities are granted to members, directly or indirectly through role contributions. All of this information is available to export to HTML for security documentation purposes.
The plug-in will help if you want to quickly answer a question of who are all the members of this role and by what path or paths are they a member. If you are after the underlying data to do custom reporting not available in the plug-ins themselves then it can be exported into an XML format for which we provide SAS XML Libname Engine maps to query them as SAS tables - see https://github.com/Metacoda/sectest-maps
If this is of interest and you would like to try it out for yourself (as well as all of the other included plug-ins) then you can sign up for a free 30 day evaluation at https://www.metacoda.com/en/evaluation/ I'd be happy to arrange a web meeting to go through them in more detail if you like.
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.