There are cases where we need to check the roles that a given user has in a number of sites (realms). The most acute of these is in an authorization routine for OSP, where permission may be granted to roles.
At present, the only way to check multiple roles for a single user is to retrieve each of them individually. For users who belong to many sites, this can be very expensive.
A new method in AuthzGroupService is suggested, implemented, and tested through an updated OSP authorization flow to take advantage of the method.