To create and manage roles, you must have one of the following identity applications roles:
Resource Administrator
Resource Manager