This is a SQL script to get a list of duties and privileges based on a security role. I definitely saw something similar before, but couldn't find it again. So I'm putting it down here for reference.
USE [Model database name];
SELECT secRole.AOTNAME [Role_Name], secRoleExplode.SECURITYROLE,
secRole2.AOTNAME [Subrole_Name], secRoleExplode.SECURITYSUBROLE,
secTask.AOTNAME [Task_name], secRoleTask.SECURITYTASK,
secTask2.AOTNAME [Subtask_name], secTaskExplode.SECURITYSUBTASK,
CASE
WHEN secTask2.TYPE = 0 THEN 'Privilege'
WHEN secTask2.TYPE = 1 THEN 'Duties'
ELSE 'Other'
END AS OBJECTTYPE
FROM SECURITYROLE secRole
join SECURITYROLEEXPLODEDGRAPH secRoleExplode
ON secRole.RECID = secRoleExplode.SECURITYROLE
JOIN SECURITYROLE secRole2
ON secRoleExplode.SECURITYSUBROLE = secRole2.RECID
JOIN SECURITYROLETASKGRANT secRoleTask
ON secRoleExplode.SECURITYSUBROLE = secRoleTask.SECURITYROLE
JOIN SECURITYTASK secTask
ON secTask.RECID = secRoleTask.SECURITYTASK
JOIN SECURITYTASKEXPLODEDGRAPH secTaskExplode
ON secRoleTask.SECURITYTASK = secTaskExplode.SECURITYTASK
JOIN SECURITYTASK secTask2
ON secTaskExplode.SECURITYSUBTASK = secTask2.RECID
WHERE secRole.AOTNAME = 'HcmEmployee'
ORDER BY OBJECTTYPE, secRoleExplode.SECURITYSUBROLE
This posting is provided "AS IS" with no warranties, and confers no rights.