[feature request] Make keycloak_group_roles and keycloak_user_roles non-authoritative

[dohoangkhiem]

In our organization we have multiple realms and many of them share common roles and roles' mappings to users/groups, which we want to manage in a reusable module, then in each realm there could be its own special roles. Then we see the non-authoritative-ness of group roles and user roles caused troubles as the subsequent assignment of roles in each realm to groups or users will cancel out previous ones, this made us to have to duplicate the common part in every realm.
This inherently also a difficulty to manage group/user roles from multiple places.
So, the question is: Is there any issues or limitations from Keycloak that prevented the provider to support keycloak_group_roles and keycloak_user_roles in a non-authoritative way (or at least make it an option)?

[mrparkers]

Hey @dohoangkhiem, the ability to use keycloak_group_roles and keycloak_user_roles in a non-authoritative manner (via exhaustive = false) will be available in the next release.