add the proper roles to give the service account user access to the resources you want to access.
On the client configuration page, under Service Account Roles, choose the Client Roles for “realm-management” and add the proper roles to you custom client.
Also make sure the mapper “roles” is added to your client scope.
add an API section to the Docs
https://github.com/keycloak/keycloak-documentation/blob/main/server_admin/topics/clients/oidc/service-accounts.adoc
https://www.keycloak.org/docs/latest/server_admin/index.html#_service_accounts
add the proper roles to give the service account user access to the resources you want to access.
On the client configuration page, under Service Account Roles, choose the Client Roles for “realm-management” and add the proper roles to you custom client.
Also make sure the mapper “roles” is added to your client scope.