diff --git a/src/test/java/de/itvsh/kop/user/StubUserResource.java b/src/test/java/de/itvsh/kop/user/StubUserResource.java
index da5decc3b8706ae4e4a1e340bcefd5877f5f7e8f..5d08ebd77f697728cde39b318c0f6bfd3b22d3d6 100644
--- a/src/test/java/de/itvsh/kop/user/StubUserResource.java
+++ b/src/test/java/de/itvsh/kop/user/StubUserResource.java
@@ -212,7 +212,7 @@ class StubUserResource implements UserResource {
 			public MappingsRepresentation getAll() {
 				var rep = new MappingsRepresentation();
 				var clientMapRep = new ClientMappingsRepresentation();
-				var roleRep = new RoleRepresentation(UserRepresentationTestFactory.ROLE, "Test role", false);
+				var roleRep = new RoleRepresentation(UserRepresentationTestFactory.ROLE_NAME, "Test role", false);
 				clientMapRep.setMappings(List.of(roleRep));
 				rep.setClientMappings(Map.of("sh-kiel-dev-goofy", clientMapRep));
 				return rep;
diff --git a/src/test/java/de/itvsh/kop/user/UserRepresentationTestFactory.java b/src/test/java/de/itvsh/kop/user/UserRepresentationTestFactory.java
index 7cf0e921d65abccb661e761c2e569867ddafee87..b5fbc8eda474c54a11fcb3b9922840df475dcfb4 100644
--- a/src/test/java/de/itvsh/kop/user/UserRepresentationTestFactory.java
+++ b/src/test/java/de/itvsh/kop/user/UserRepresentationTestFactory.java
@@ -17,7 +17,7 @@ public class UserRepresentationTestFactory {
 
 	static final String EXTERNAL_ID = "external-id-1-ldap";
 	static final String EXTERNAL_ID_FALLBACK = "external-id-2-keykloak";
-	static final String ROLE = "VERWALTUNG_USER";
+	static final String ROLE_NAME = "VERWALTUNG_USER";
 
 	private static final long CREATED = Instant.now().toEpochMilli();
 
@@ -31,8 +31,8 @@ public class UserRepresentationTestFactory {
 			LDAP_ID_KEY, List.of(EXTERNAL_ID),
 			ORGANISATIONS_EINHEIT_ID_KEY, List.of(ORGANSISATIONS_EINHEIT_ID));
 
-	private static final String CLIENT_KEY = "sh-kiel-dev-goofy";
-	private static final Map<String, List<String>> CLIENT_ROLED = Map.of(CLIENT_KEY, List.of(ROLE));
+	static final String CLIENT_KEY = "sh-kiel-dev-goofy";
+	private static final Map<String, List<String>> CLIENT_ROLED = Map.of(CLIENT_KEY, List.of(ROLE_NAME));
 
 	static UserRepresentation createWithAttributes(Map<String, List<String>> attributes) {
 		var user = create();
diff --git a/src/test/java/de/itvsh/kop/user/UserResourceMapperTest.java b/src/test/java/de/itvsh/kop/user/UserResourceMapperTest.java
index ed09c68d2dd46b470072c76cc03344a865c3f94a..89d739d108f99f4e5ca9cb51f10f5146bb396735 100644
--- a/src/test/java/de/itvsh/kop/user/UserResourceMapperTest.java
+++ b/src/test/java/de/itvsh/kop/user/UserResourceMapperTest.java
@@ -1,34 +1,45 @@
 package de.itvsh.kop.user;
 
-import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
 
+import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.keycloak.admin.client.resource.RoleMappingResource;
+import org.keycloak.admin.client.resource.RoleScopeResource;
+import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.representations.idm.ClientMappingsRepresentation;
+import org.keycloak.representations.idm.MappingsRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
 import org.mapstruct.factory.Mappers;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 
+import static org.assertj.core.api.Assertions.*;
+
 import de.itvsh.kop.user.keycloak.KeycloakApiProperties;
 
 class UserResourceMapperTest {
+
 	@InjectMocks
 	private UserResourceMapper mapper = Mappers.getMapper(UserResourceMapper.class);
 
 	@Mock
-	private KeycloakApiProperties apiProperties;
+	private KeycloakApiProperties properties;
 
 	@Nested
 	class TestMapping {
 
 		@BeforeEach
 		void init() {
-			when(apiProperties.ldapIdKey()).thenReturn("LDAP_ID");
-			when(apiProperties.organisationsEinheitIdKey()).thenReturn("organisationseinheitId");
-			when(apiProperties.client()).thenReturn("sh-kiel-dev-goofy");
+			when(properties.ldapIdKey()).thenReturn("LDAP_ID");
+			when(properties.organisationsEinheitIdKey()).thenReturn("organisationseinheitId");
+			when(properties.client()).thenReturn("sh-kiel-dev-goofy");
 		}
 
 		@Test
@@ -91,7 +102,95 @@ class UserResourceMapperTest {
 		void shouldMapRoles() {
 			User user = mapper.toKopUser(UserResourceTestFactory.create());
 
-			assertThat(user.getRoles()).isNotEmpty().contains(UserRepresentationTestFactory.ROLE);
+			assertThat(user.getRoles()).isNotEmpty().contains(UserRepresentationTestFactory.ROLE_NAME);
+		}
+	}
+
+	@DisplayName("Get client roles")
+	@Nested
+	class TestGetClientRoles {
+
+		@Mock
+		private UserResource userResource;
+
+		@Mock
+		private RoleMappingResource roleMappingResource;
+		@Mock
+		private RoleScopeResource roleScopeResource;
+		@Mock
+		private MappingsRepresentation mappingsRepresentation;
+		@Mock
+		private Map<String, ClientMappingsRepresentation> clientMappingsRepresentation;
+		@Mock
+		private ClientMappingsRepresentation clientMappingRepresentation;
+
+		@BeforeEach
+		void init() {
+			when(userResource.roles()).thenReturn(roleMappingResource);
+			when(roleMappingResource.getAll()).thenReturn(mappingsRepresentation);
+		}
+
+		@DisplayName("on existing roles")
+		@Nested
+		class TestOnAssignedRoles {
+
+			@BeforeEach
+			void init() {
+				when(properties.client()).thenReturn(UserRepresentationTestFactory.CLIENT_KEY);
+
+				when(mappingsRepresentation.getClientMappings()).thenReturn(clientMappingsRepresentation);
+				when(clientMappingsRepresentation.containsKey(UserRepresentationTestFactory.CLIENT_KEY)).thenReturn(true);
+				when(clientMappingsRepresentation.get(UserRepresentationTestFactory.CLIENT_KEY)).thenReturn(clientMappingRepresentation);
+				when(clientMappingRepresentation.getMappings()).thenReturn(List.of(createRoleRepresentation()));
+			}
+
+			private RoleRepresentation createRoleRepresentation() {
+				var roleRepresentation = new RoleRepresentation();
+				roleRepresentation.setName(UserRepresentationTestFactory.ROLE_NAME);
+				return roleRepresentation;
+			}
+
+			@Test
+			void shouldReturnRolesIfExists() {
+				var roles = mapper.mapRoles(userResource);
+
+				assertThat(roles).isNotEmpty();
+				assertThat(roles.get(0)).isEqualTo(UserRepresentationTestFactory.ROLE_NAME);
+			}
+		}
+
+		@Nested
+		class TestOnNonExistingClient {
+
+			@BeforeEach
+			void init() {
+				when(properties.client()).thenReturn(UserRepresentationTestFactory.CLIENT_KEY);
+
+				when(mappingsRepresentation.getClientMappings()).thenReturn(Collections.emptyMap());
+			}
+
+			@Test
+			void shouldReturnEmptyListIfNoRolesAttached() {
+				var roles = mapper.mapRoles(userResource);
+
+				assertThat(roles).isEmpty();
+			}
+		}
+
+		@Nested
+		class TestNullClientMappings {
+
+			@BeforeEach
+			void init() {
+				when(mappingsRepresentation.getClientMappings()).thenReturn(null);
+			}
+
+			@Test
+			void shouldReturnEmptyListIfNoRolesAttached() {
+				var roles = mapper.mapRoles(userResource);
+
+				assertThat(roles).isEmpty();
+			}
 		}
 	}
-}
+}
\ No newline at end of file