There's no "official" way, because CGI::Application::Plugin::Authorization is designed to be generic enough that one can customize it as needed. For example, you can implement an authorization check based on IP address. In that case, you don't really have "roles" (unless you consider "authorized" and "not authorized" roles).

On the other hand, you can create a "roles" database table and use the CGI::Application::Plugin::Authorization::Driver::DBI to implement a system that uses it. That would let you do something like:

if ( $self->authz->authorize('role1') ) {
  # user belongs to the role1 group
} else {
  # authorization failed
}
[download]

But if you want to do something like:

my @roles = $self->authz->get_roles( $user );
[download]

Then you should probably create your own authorization module, derived from CGI::Application::Plugin::Authorization, and then implement methods like get_roles() based on your particular implementation details.