Does Broadcom have an ACF2 API for applications to make security calls to ACF2 to retrieve XROL information?

ACF2 provides ACF00RBS to return role information. Information for this can be found in the following documentation sections:

Interface with ACF2
Search Role Group List Routine (ACF00RBS)
ACF00RBS Parameter List (XROL)

If exact lists of users are not needed and returning the role record is sufficient with the INCLUDE and EXCLUDE fields as they are (which could have masked logonid information), then either LDAP or ACFUNIX commands can be used to LIST the XROL record.