Assigning admin role to the client service account

Hello everyone,

I would like to receive some advices on the following scenario:

I have created a new client in Keycloak, and I want to use as client authenticator, a x509 certificate. However, using this certificate I also want to have access to the administration of the realm (creating users, getting users info, etc.). That means that I have to grant admin role to the client_service_account.

I am a little concerned of doing this, because I don’t want to introduce a security vulnerability in my system, by creating a really powerful client with admin rights.