def is_grant_allowed(my_roles, target_roles, allowed_grant):
    allowed = {
        role
        for r in my_roles
        for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
    }
    return all(role in allowed for role in target_roles)

def get_disallowed_roles(my_roles, target_roles, allowed_grant):
    allowed = {
        role
        for r in my_roles
        for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
    }
    return [r for r in target_roles if r not in allowed]