How can I get list of spedific group/roles that are required during permission evaluation for the specific scope/resources.