Deleting built-in client roles?

[akikoskinen]

Problem Statement

If I understand the code in RoleImportService correctly, it seems that keycloak-config-cli never deletes client roles that are offered by default by Keycloak. That's probably generally good behavior. But now I have a situation where I should be able to delete a built-in client role.

Proposed Solution

Perhaps the current behavior could be maintained as it is. But how about offering a setting that could be used to bypass this, allowing also deleting built-in client roles?

Environment

• keycloak-config-cli version: 5.5.0

[Motouom]

Hello @akikoskinen
While keycloak-config-cli may have restrictions on deleting built-in client roles for safety reasons, Keycloak itself does allow for the deletion of client roles, including built-in ones, directly through its Admin Console or REST API.
To delete a client role using the Admin Console:

• Log in to the Keycloak Admin Console
• Select the appropriate realm
• Go to the "Clients" section
• Select the client for which you want to delete a role
• Click on the "Roles" tab
• Find the role you wish to delete
• Click on the "Delete" button next to the role

Also, you can enable remote state management and see if you be able to manage the clients and roles