diff --git a/charms/keystone-k8s/src/utils/manager.py b/charms/keystone-k8s/src/utils/manager.py
index 992ad76c..5fee497b 100644
--- a/charms/keystone-k8s/src/utils/manager.py
+++ b/charms/keystone-k8s/src/utils/manager.py
@@ -470,6 +470,8 @@ class KeystoneManager(framework.Object):
             password=password,
             domain=domain,
         )
+        # NOTE(gboutry): Remove admin role when services support working with
+        # service role only.
         self.ksclient.grant_role(
             role=self.charm.admin_role,
             project=project,
@@ -477,6 +479,14 @@ class KeystoneManager(framework.Object):
             project_domain="service_domain",
             user_domain="service_domain",
         )
+        # Service role introduced in 2023.2
+        self.ksclient.grant_role(
+            role="service",
+            project=project,
+            user=service_user.get("name"),
+            project_domain="service_domain",
+            user_domain="service_domain",
+        )
         return service_user
 
     def update_service_catalog_for_keystone(self):