that is quite a hard/tricky job, I would advise you to talk to SAS Technical Support about it.
There is a great tool, to check metadata permissions and roles, Metacoda. ( @MichelleHomes, @PaulHomes, I summon you). You can peek the took at www.metacoda.com and if you are interested on it, I am sure Michelle and Paul Homes can give you more details.
In short, this tool can create a report of your SAS metadata permissions, groups, and roles memberships. SAS Portal has, additionally to the SAS metadata, an additional set up, not query-able by Metacoda. Perhaps you won't need that additional stuff for your purposes, then the Metacoda tool is enough. if you need the additional info, best way is to contact SAS Tech Support.
The Identity Permissions Explorer is one of the Metacoda Plug-ins that Juan mentioned. It is used to find out what objects a user has access to and what level of access they have on those objects. This can, of course, also be used on portal permission trees. By finding the portal permissions tree where a user has +WM we can see which ones they are group content admin for.
This particular solution involves a commercial product but, if you are interested in trying it out, you can register for a free 30 day evaluation to use in your own environment. If it's a one-off question then you can use the evaluation to answer it. If it's an ongoing requirement then we hope you'll find this and the other plug-ins useful enough to warrant looking into licensing options.