diff --git a/nova/adminclient.py b/nova/adminclient.py
index 25d5e71cb..5aa8ff9c2 100644
--- a/nova/adminclient.py
+++ b/nova/adminclient.py
@@ -57,6 +57,28 @@ class UserInfo(object):
         elif name == 'secretkey':
             self.secretkey = str(value)
 
+class UserRole(object):
+    """
+    Information about a Nova user's role, as parsed through SAX.
+    Fields include:
+        role
+    """
+    def __init__(self, connection=None):
+        self.connection = connection
+        self.role = None
+    
+    def __repr__(self):
+        return 'UserRole:%s' % self.role
+
+    def startElement(self, name, attrs, connection):
+        return None
+        
+    def endElement(self, name, value, connection):
+        if name == 'role':
+            self.role = value
+        else:
+            setattr(self, name, str(value))
+
 class ProjectInfo(object):
     """
     Information about a Nova project, as parsed through SAX
@@ -114,7 +136,6 @@ class ProjectMember(object):
         else:
             setattr(self, name, str(value))
             
-
 class HostInfo(object):
     """
     Information about a Nova Host, as parsed through SAX:
@@ -196,6 +217,19 @@ class NovaAdminClient(object):
         """ deletes a user """
         return self.apiconn.get_object('DeregisterUser', {'Name': username}, UserInfo)
 
+    def get_user_roles(self, user, project=None):
+        """
+        Returns a list of roles for the given user.
+        Omitting project will return any global roles that the user has.
+        Specifying project will return only project specific roles.
+        """
+        params = {'User':user}
+        if project:
+            params['Project'] = project
+        return self.apiconn.get_list('DescribeUserRoles',
+                                     params,
+                                     [('item', UserRole)])
+
     def add_user_role(self, user, role, project=None):
         """
         Add a role to a user either globally or for a specific project.
diff --git a/nova/endpoint/admin.py b/nova/endpoint/admin.py
index c4b8c05ca..a3114c0a3 100644
--- a/nova/endpoint/admin.py
+++ b/nova/endpoint/admin.py
@@ -102,6 +102,19 @@ class AdminController(object):
 
         return True
 
+    @admin_only
+    def describe_roles(self, context, project_roles=True, **kwargs):
+        """Returns a list of allowed roles."""
+        return manager.AuthManager().get_roles(project_roles)
+
+    @admin_only
+    def describe_user_roles(self, context, user, project=None, **kwargs):
+        """Returns a list of roles for the given user.
+           Omitting project will return any global roles that the user has.
+           Specifying project will return only project specific roles.
+        """
+        return manager.AuthManager().get_user_roles(user, project=project)
+
     @admin_only
     def modify_user_role(self, context, user, role, project=None,
                          operation='add', **kwargs):