according to the docs... if I interpret them right
getRoles returns roles assigned to the context given, this is wise since it is usualy used to check if the current user invoking the call has the rights in a form, workflow or similiar...
Adding the "accountId" string as a second argument would invoke this form of the getRoles
public static java.util.List getRoles(LighthouseContext s, java.lang.String current) throws WavesetException
This variant allows a specific name to be included in the returned list. Used to ensure that the current value of a role may continue to be assigned even though the current admin may not have access to that role.
I believe you should get the users view and get your info from there...
if you try using the debug page and getObject User and the accountId, you will see the user in its full glory...
there you can see what you might want to do I hope