How to view the permissions/roles associated with a specific service account in k8s?

The following command could help. It basically gets the RoleBindings and ClusterRoleBindings whose .subjects[0] is the name of the ServiceAccount.

$ kubectl get rolebinding,clusterrolebinding --all-namespaces -o jsonpath='{range .items[?(@.subjects[0].name=="SERVICE_ACCOUNT_NAME")]}[{.roleRef.kind},{.roleRef.name}]{end}'

Note: it will not list the RoleBindings / ClusterRoleBindings which contain several objects in the subject field.

For instance, if weave-net is deployed as the network plugin, you can get the Role and ClusterRole used by the weave-net ServiceAccount:

$ kubectl get rolebinding,clusterrolebinding --all-namespaces -o jsonpath='{range .items[?(@.subjects[0].name=="weave-net")]}[{.roleRef.kind},{.roleRef.name}]{end}'
[Role,weave-net][ClusterRole,weave-net]

Hope this helps.
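
Added example, not part of the answer above: a Python filter over `kubectl get rolebinding,clusterrolebinding --all-namespaces -o json` that checks every subject instead of only `.subjects[0]` and matches on kind and namespace as well as name. It goes beyond the command above by also reporting bindings to the built-in groups every ServiceAccount belongs to (`system:serviceaccounts`, `system:serviceaccounts:<namespace>`, `system:authenticated`); the function name, the helpers and the sample bindings are constructed for illustration. Pipe the kubectl JSON to it with NAME and NAMESPACE as arguments, or run it without arguments to use the sample.

```python
import json
import sys
def sa_bindings(doc, name, namespace):
    """Return one row per binding that applies to ServiceAccount namespace/name."""
    groups = {"system:serviceaccounts", "system:authenticated",
              f"system:serviceaccounts:{namespace}"}
    hits = []
    for item in doc.get("items", []):
        bind_ns = item["metadata"].get("namespace", "")  # empty when cluster-scoped
        for subj in item.get("subjects") or []:  # field may be absent or null
            kind, sname = subj.get("kind"), subj.get("name")
            direct = (kind == "ServiceAccount" and sname == name
                      and subj.get("namespace") == namespace)
            if direct or (kind == "Group" and sname in groups):
                ref = item["roleRef"]
                hits.append((item["kind"], bind_ns, ref["kind"], ref["name"],
                             "direct" if direct else sname))
                break  # one row per binding
    return sorted(hits)

def _sa(name, ns):
    return {"kind": "ServiceAccount", "name": name, "namespace": ns}
def _binding(kind, name, ns, ref_kind, ref_name, subjects):
    meta = {"name": name, "namespace": ns} if ns else {"name": name}
    return {"kind": kind, "metadata": meta, "subjects": subjects,
            "roleRef": {"kind": ref_kind, "name": ref_name}}

# Constructed sample, shaped like the .items of the kubectl JSON output.
SAMPLE = {"items": [
    _binding("RoleBinding", "weave-net", "kube-system", "Role", "weave-net",
             [_sa("weave-net", "kube-system")]),
    _binding("ClusterRoleBinding", "weave-net", "", "ClusterRole", "weave-net",
             [_sa("weave-net", "kube-system")]),
    # ServiceAccount is the second subject: a subjects[0] filter misses it
    _binding("ClusterRoleBinding", "viewers", "", "ClusterRole", "view",
             [{"kind": "User", "name": "alice"}, _sa("weave-net", "kube-system")]),
    # same name, other namespace: a name-only filter wrongly reports it
    _binding("RoleBinding", "other", "default", "Role", "other",
             [_sa("weave-net", "default")]),
    # group containing every ServiceAccount in kube-system
    _binding("ClusterRoleBinding", "ks-sas", "", "ClusterRole", "node-reader",
             [{"kind": "Group", "name": "system:serviceaccounts:kube-system"}]),
    _binding("ClusterRoleBinding", "empty", "", "ClusterRole", "unused", None),
]}
if __name__ == "__main__":
    args = sys.argv[1:3] if len(sys.argv) == 3 else None
    doc = json.load(sys.stdin) if args else SAMPLE
    for row in sa_bindings(doc, *(args or ("weave-net", "kube-system"))):
        print(*row, sep="\t")
```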
