Well it would not be possible because you don't have enough information about Permissions in the User.
If you think at a many-to-many relationship, on the database it's a relation table between two other tables.
Now, in your User entity you're correctly using a Set to see all the relations stored in this cross table (let's say user_permission). But at this level you're not able to know the default permissions, that can be retrieved via a PermissionDAO very easily (I assume you're using a DAO/Service design, if not adjust it to your needs).
If you want a superset (allowedPermissions + defaultPermissions), then you can maybe write a utility method at service layer if you like: