I have been wanting to do something like this as well. I think the problem is how granular you want them to be with it. Permissions are a hard thing to visualize like that. One person may have Edit capability to a table that is limited to a subset of records while another person may have the ability to Edit everything, how would that easily be displayed on a chart or access matrix? You may need to create levels of editing/viewing capability and list those.
I can tell you what my eventual plan for doing something similar is, because as far as I can tell there is nothing in the API that supports this. If there is a way to do this with the API I would love to know as well. This may or may not help you but hopefully it does.
What I have done in the past when I needed information the API would not give me is I used Python and Selenium to grab the list of tables and then to visit each table at a certain page to gather the information I needed from my app. This could be done at the Role level. Then you could go to each permissions page for the roles and harvest the permissions for each table. This is where you run into the problem I mentioned before. You will need to figure out a way to determine a level of permission for View and Edit, or simply say that anyone with the ability to View or Edit any records is just said to have those permissions, and not dive deeper. If you do this just make sure to rate limit yourself to something reasonable like an action a second at least so Quickbase doesn't flag you as really hammering their system.
