diff --git a/src/groupdb.js b/src/groupdb.js
index f16ce5cbb..9c6b7badc 100644
--- a/src/groupdb.js
+++ b/src/groupdb.js
@@ -19,13 +19,16 @@ exports = module.exports = {
     getGroups: getGroups,
     setGroups: setGroups,
 
+    getRoles: getRoles,
+
     _clear: clear
 };
 
 var assert = require('assert'),
     database = require('./database.js'),
     DatabaseError = require('./databaseerror'),
-    safe = require('safetydance');
+    safe = require('safetydance'),
+    _ = require('underscore');
 
 var GROUPS_FIELDS = [ 'id', 'name', 'rolesJson' ].join(',');
 
@@ -280,3 +283,20 @@ function isMember(groupId, userId, callback) {
         callback(null, result.length !== 0);
     });
 }
+
+function getRoles(userId, callback) {
+    assert.strictEqual(typeof userId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    database.query('SELECT ' + GROUPS_FIELDS + ' ' +
+        ' FROM groups INNER JOIN groupMembers ON groups.id = groupMembers.groupId AND groupMembers.userId = ?', [ userId ], function (error, results) {
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+
+        results.forEach(postProcess);
+
+        var merged = [].concat.apply([], results.map(function (r) { return r.roles; }));
+
+        callback(null, _.uniq(merged));
+    });
+}
diff --git a/src/groups.js b/src/groups.js
index 9c156c80f..c19c6ea93 100644
--- a/src/groups.js
+++ b/src/groups.js
@@ -19,6 +19,7 @@ exports = module.exports = {
     isMember: isMember,
 
     setRoles: setRoles,
+    getRoles: getRoles,
 
     getGroups: getGroups,
     setGroups: setGroups
@@ -267,3 +268,15 @@ function setRoles(groupId, roles, callback) {
         callback(null);
     });
 }
+
+function getRoles(userId, callback) {
+    assert.strictEqual(typeof userId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    groupdb.getRoles(userId, function (error, roles) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+
+        callback(null, roles);
+    });
+}
diff --git a/src/test/groups-test.js b/src/test/groups-test.js
index 79e6f4429..fba84b8bb 100644
--- a/src/test/groups-test.js
+++ b/src/test/groups-test.js
@@ -385,11 +385,13 @@ describe('Roles', function () {
     before(function (done) {
         async.series([
             setup,
+            userdb.add.bind(null, USER_0.id, USER_0),
             function (next) {
                 groups.create(GROUP0_NAME, [ /* roles */ ], function (error, result) {
                     if (error) return next(error);
                     group0Object = result;
-                    next();
+
+                    groups.setGroups(USER_0.id, [ group0Object.id ], next);
                 });
             },
         ], done);
@@ -403,7 +405,7 @@ describe('Roles', function () {
         });
     });
 
-    it('can get roles', function (done) {
+    it('can get roles of a group', function (done) {
         groups.get(group0Object.id, function (error, result) {
             expect(error).to.be(null);
             expect(result.roles).to.eql([ accesscontrol.ROLE_OWNER ]);
@@ -411,6 +413,14 @@ describe('Roles', function () {
         });
     });
 
+    it('can get roles of a user', function (done) {
+        groups.getRoles(USER_0.id, function (error, roles) {
+            expect(roles.length).to.be(1);
+            expect(roles[0]).to.be('owner');
+            done();
+        });
+    });
+
     it('cannot set invalid role', function (done) {
         groups.setRoles(group0Object.id, [ accesscontrol.ROLE_OWNER, 'janitor' ], function (error) {
             expect(error).to.be.ok();