How to give user access for parameters in Jenkins basused on user role in Role-based Authorization Strategy plugin

I want to give user access for parameters in Jenkins basused on user role.

so I am using Role-based Authorization Strategy and Active Choices parameter plugins and trying to do this and I successfully gave user access for parameters based on user name but not based on user roles.

I want to do the same based on user roles.

import jenkins.model.Jenkins 
import hudson.model.User  

// Get the current user 
User currentUser = User.current()  

// Get the username of the current user 
String currentUsername = currentUser != null ? currentUser.fullName : null 

// Define the available environments based on usernames 
def envChoices = []  

if (currentUsername == "DevUser1") {
 envChoices += "DEV" 
if (currentUsername == "QAUser1") {
 envChoices += "QA" 
// Check if the user has the role "admin" to list all parameters (DEV, QA, PROD) if (currentUsername == "Admin") { envChoices += ["DEV", "QA", "PROD"]

return envChoices

Also how to list user roles in Jenkins groovy script console does Role-based Authorization Strategy plugin have variables? I could not find it.

You can call the methods of the REST api within your groovy script.
The method doGetRole is what you need here probably.

Jenkins jenkins = Jenkins.get()
rbas = jenkins.getAuthorizationStrategy()
json = rbas.doGetRole("globalRoles", "admin")
def slurper = new JsonSlurper()
def result = slurper.parseText(json)

There is no method available that lists all roles a user belongs to.

You would also need to check if any of the groups a user belongs is in the admin role to be 100% correct.
currentUser.getAuthorities() gives you the list of groups the user belongs to.

Using getAuthorities seems to be the correct method, however I can not get list of roles using this approach for a user without admin rights.

The idea being how can I determine a role for a current user without admin rights?

It works when you give admin permissions. However this defeats the purpose of make script choices for a user based on there role?

Is there another way to obtain a current users role that does not have admin permissions?

latest version of rolestategy plugin has 2 steps for pipeline jobs that allow to fetch the roles of the user that started the build. See Role-based Authorization Strategy