Decoding object permissions is non-trivial, but I've been using something like the attached workbook to get an overview of permissions on projects, datasources, workbooks, views as well as only differences between projects & workbooks or workbooks & views. Since Tableau permissions are "layered", I try to only use group-level permissions, and try to only have a user in a single group (per site), else the effective permissions a regular user has, becomes a combination of multiple groups/user/All-users grants. The report shows the different flavors of custom roles you have and what workbooks they apply to.
Only allowed/denied permissions are reported, not inherited permissions.
Permissions you see in Tableau don't correspond exactly to the way they are stored in Postgres. This is an approx translation.
Tested on 8.0, 8.1. I can strongly recommend EMS SQL Manager (free) for developing Postgres SQL. Please post your alternatives/improvements.