Some folks have asked about doing a query of  a given user's roles. While this is not yet in the UI it is pretty easy to do via script. Here's a sample, if you're integrating AzMan interfaces into your custom UI this logic could be used to implement a user role query across a store.

' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
' ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
' THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
' PARTICULAR PURPOSE.
'
'  Copyright (c) Microsoft Corporation. All rights reserved
'
'
' Script to query and dump a users roles in a specified AzMan
' store across all applications in the store
'

Option Explicit
Dim objArgs
Set objArgs = WScript.Arguments
If objArgs.count <> 2 then
  wscript.echo "Usage: GetRoles <AzManStoreURL> <UserName>"
  wscript.echo "Example: SetBizRule msxml://c:\AzStore.xml nwtraders\JohnDoe"
  wscript.echo "Run in'cscript' command in cmd.exe to avoid msg boxes"
Else
Dim AzManStoreURL : AzManStoreURL = objArgs(0)
Dim UserName: UserName = objArgs(1)
End If

'
'--- Initilaize the Authorization Manager store object
'
Dim pAzManStore
Set pAzManStore = CreateObject("AzRoles.AzAuthorizationStore")
pAzManStore.Initialize 0, AzManStoreURL
pAzManStore.Submit

'
'--- Dump a users roles
'
Dim Apps,App
Dim ClientContext
Dim ClientScopes,Scope
Dim CurrentScopesPage
Dim ClientRoles, Role
Dim MoreScopes


'
'--- For each app create a clientcontext and enumerate roles in scopes
'
Set apps = pAzManStore.Applications

wscript.echo ("Roles for " & UserName)
for each app in apps

   Set ClientContext = app.InitializeClientContextFromName(UserName)
   wscript.echo (vbnewline & "Application: " & app.name)
  
   Set CurrentScopesPage = nothing
   Set ClientScopes = nothing
   MoreScopes = True

   do while MoreScopes = True       
      ClientScopes = ClientContext.GetAssignedScopesPage(0,9,CurrentScopesPage)

      for each scope in ClientScopes
         If scope = "" then
            wscript.echo ("  Applicaiton Level Roles:")
         Else
            wscript.echo ("    Scope '" & scope & "' Roles:")
         End if

         ClientRoles = ClientContext.GetRoles (scope)
         for each role in ClientRoles
            wscript.echo ("      " & role)
         next
      next

      if UBound(ClientScopes) = -1 then
         MoreScopes = FALSE
      End If
   loop
next