Hello, I have been looking at service accounts recently. So, from what i understand, for the service account to manage users and roles, it has to be given the `realm_management.manage-users` client role right? My confusion is that once a client has the following permission, it can technically manage the roles for the whole realm right? Is there a way to limit this to just the client. So, the client should be able to manage roles and user-role mapping for the client itself. Is it possible to do something like that? -- --- Avinash Kundaliya avinash(a)avinash.com.np http://avinash.com.np