What are the risks related to the SA029 rule related to Administer Roles?

Changes to roles could result in changes to user access (via changes to the roles, duty roles), the data users can access, and/or access to scheduled processes. This could give users access to new forms / pages allowing them to access to approval processes, key control configurations, sensitive data, or SOD violations.