Jeroen is obviously right, report_scope was only built to emulate a report that was constructed 30+ years ago. Fixing it to show multiple access_via_when paths would break backward compatibility.
Unfortunately, the idea to use NEWLIST TYPE=RACF SCOPE=user_id does not cut muster because this does not provide an effective ACCESS value for user_id and does not have a field VIA at all. So that's no good. NEWLIST TYPE=TRUSTED is usually my go-to for listing multiple access paths, but this only shows profiles protecting trusted data sets and resources, so no good.
You can combine the output of several report scopes using mergelist. This sorts the output but does not resolve different access level that your connect groups may be permitted.
newlist type=report_scope nodup
sortlist class key access_via_when
mergelist
report scope=user_id
report scope=group_1
report scope=group_2
endmerge
You could use two-pass processing to generate this piece of code:
newlist type=racf dd=ckr2pass nopage name=idsel
s class=user s=base key=user_id
sortlist,
"n type=report_scope nodup",
/ "sortlist class key access_via_when",
/ "mergelist",
/ "report scope=" | key(8)
newlist type=racf dd=ckr2pass nopage
s likelist=idsel cggrpct>1
sortlist,
"report scope=" | cggrpnm
newlist type=racf dd=ckr2pass nopage
s likelist=idsel
sortlist,
"endmerge"
Enter this code using menu option CO.C (or CARLA command), or use the C2RC2 proc with inline SYSIN DD.