create_client_role
Create a new client role in Keycloak to define permissions and access controls for specific applications within your identity management system.
Instructions
Create a new client role.
Args:
client_id: Client database ID
name: Role name
description: Role description
composite: Whether this is a composite role
realm: Target realm (uses default if not specified)
Returns:
Status messageInput Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| client_id | Yes | ||
| name | Yes | ||
| description | No | ||
| composite | No | ||
| realm | No |
Implementation Reference
- src/tools/role_tools.py:176-205 (handler)The core handler function for the 'create_client_role' tool, decorated with @mcp.tool() for automatic registration and schema inference. It constructs role data and makes a POST request to Keycloak's client roles endpoint using the KeycloakClient helper.
@mcp.tool() async def create_client_role( client_id: str, name: str, description: Optional[str] = None, composite: bool = False, realm: Optional[str] = None, ) -> Dict[str, str]: """ Create a new client role. Args: client_id: Client database ID name: Role name description: Role description composite: Whether this is a composite role realm: Target realm (uses default if not specified) Returns: Status message """ role_data = {"name": name, "composite": composite, "clientRole": True} if description: role_data["description"] = description await client._make_request( "POST", f"/clients/{client_id}/roles", data=role_data, realm=realm ) return {"status": "created", "message": f"Client role {name} created successfully"}