Simply use the rolesForPermissionOn()
function:
from AccessControl.PermissionRole import rolesForPermissionOn
roles = rolesForPermissionOn(permission, context)
This returns a list of roles that have the specific permission for the given context. It'll walk the acquisition chain as needed.