Mitigation runs against role but not user with same role assignment

Hello, I'm currently running Compliance Calibrator 4.0. I've created a Mitigation Control and assigned a number of Risks to the Mitigation Control.

I've then assigned the Risks in that Mitigation Control to a specific role.

When I run the SoD check, the role no longer shows any issues. This is good and expected.

However, when I run the SoD against a user that has that role assigned the user is reported with issues when no SoD issues should be shown.

Am I missing something? I don't believe I need to assign Mitigation Control to the user, because one day the risk might be valid to that user, but just not for the role I'm trying to mitigate against. Many thanks.