CentralAuth's Special:GlobalGroupMembership (aka Special:GlobalUserRights) only allows users to use it who are already in a global group that confers the 'globalgroupmembership' right -- no local group can apply this property.
While this sounds nice, it seems to involve a bit of a chicken-and-egg problem: without diving into the raw database, there's nobody who can add the first global op user to the appropriate group.
T19308: CentralAuth's global logs (gblrights/globalauth) should be global or central instead of local requests entirely *removing* the global right and replacing it with *only* a local right, for a different reason -- ensuring that it can only be run from a single wiki. This appears to be motivated by logging issues -- apparently we don't (or didn't, don't know the current status) have global logs for global actions like this, so the logs go into the local wiki where they might not be seein.
Either way, it would be useful to have some way to actually set it in the first place...