diff --git a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmMapper.java b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmMapper.java
index d2696dce3af374fafe87a870f207a9aa246f2f85..4d7ea13cee8049f582fa576a627bbcc4adad3172 100644
--- a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmMapper.java
+++ b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmMapper.java
@@ -88,4 +88,8 @@ interface KeycloakRealmMapper {
 }
+
+
+
+
 }
diff --git a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmRemoteService.java b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmRemoteService.java
index b58998e58b61c9204b5dc3b5e6c247b178219ec9..4a406700902da42d9f6150e9337319f52def6079 100644
--- a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmRemoteService.java
+++ b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmRemoteService.java
@@ -23,10 +23,16 @@
 */
 package de.ozgcloud.operator.keycloak.realm;
+import java.util.Objects;
+import java.util.Optional;
+
 import org.keycloak.admin.client.Keycloak;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.RolesRepresentation;
 import org.springframework.stereotype.Component;
+import de.ozgcloud.operator.keycloak.KeycloakException;
 import lombok.RequiredArgsConstructor;
 @RequiredArgsConstructor
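Review bot: `org.keycloak.representations.idm.RolesRepresentation` is imported in this hunk but is not used by any code this diff adds to `KeycloakRealmRemoteService`; unless lines outside the hunks need it, the import should be dropped. The same applies to `ClientRepresentation` and `OzgCloudKeycloakClientSpecTestFactory` in the import hunk of `KeycloakRealmMapperTest`, where the only new test uses `RealmRepresentation` and the realm spec factory.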
@@ -47,4 +53,22 @@ class KeycloakRealmRemoteService {
 keycloak.realm(realm.getRealm()).update(realm);
 }
+
+ public Optional<RoleRepresentation> getRealmRole(String roleName, String realmName) {
+ return Optional.ofNullable(keycloak.realm(realmName).roles())
+ .orElseThrow(() -> new KeycloakException("Realm with Name " + realmName + " not found."))
+ .list()
+ .stream().filter(role -> Objects.equals(roleName, role.getName()))
+ .findFirst();
+ }
+
+
+ public void updateRealmRole(RoleRepresentation role, String realm) {
+ keycloak.realm(realm).roles().get(role.getName()).update(role);
+ }
+
+ public void addRealmRole(RoleRepresentation role, String realm) {
+ keycloak.realm(realm).roles().create(role);
+ }
+
 }
diff --git a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmService.java b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmService.java
index 40cf850be49713dd656ff2d04a69c7d58be4c9ed..8ba5cb9509c73210f25fd46269c559f8a5a925a4 100644
--- a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmService.java
+++ b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmService.java
@@ -62,6 +62,7 @@ class KeycloakRealmService {
 try {
 LOG.debug("{}: Updating existing realm...", existingRealm);
 var realmRepresentation = mapper.update(existingRealm, spec);
+ //LOG.info(realmRepresentation.getRoles() + "realm Spec with roles");
 remoteService.updateRealm(realmRepresentation);
 } catch (Exception e) {
 LOG.warn(existingRealm + ": Updating existing realm failed: ", e);
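Review bot: The `orElseThrow` branch in `getRealmRole` looks unreachable. As far as I know the Keycloak admin client returns resource proxies from `realm(...)` and `roles()`, so neither is null, and a missing realm would only surface as a not-found exception from `.list()` without the intended `KeycloakException` message. Consider wrapping the remote call in a try/catch that translates the client's not-found error into `KeycloakException`. The lookup could also use `roles().get(roleName).toRepresentation()` rather than listing every realm role and filtering client-side. `updateRealmRole` and `addRealmRole` have the same unhandled remote-failure path.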
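Review bot: The added `//LOG.info(realmRepresentation.getRoles() + "realm Spec with roles");` is commented-out debug code and should be removed rather than committed. If the role dump is wanted for troubleshooting, a parameterized debug statement such as `LOG.debug("{}: realm roles: {}", existingRealm, realmRepresentation.getRoles());` keeps it out of info-level logs. The enclosing method starts and ends outside the hunk.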
@@ -71,6 +72,14 @@ class KeycloakRealmService {
 }
+ void addOrUpdateRealmRoles(OzgCloudKeycloakRealmSpec spec, String realm) {
+ spec.getRealmRoles().forEach(
+ roleSpec -> remoteService.getRealmRole(roleSpec.getName(), realm)
+ .ifPresentOrElse(
+ existingRole -> remoteService.updateRealmRole(mapper.map(roleSpec), realm),
+ () -> remoteService.addRealmRole(mapper.map(roleSpec), realm)));
+ }
+
 RealmRepresentation addRealmName(RealmRepresentation realm, String realmName) {
 realm.setRealm(realmName);
 return realm;
diff --git a/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmMapperTest.java b/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmMapperTest.java
index f36b39c8fc173d6391b7bd0b8107c428f6ff766f..41087f58d366d15bbfe4de8be9dabea6e8314012 100644
--- a/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmMapperTest.java
+++ b/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmMapperTest.java
@@ -25,10 +25,15 @@ package de.ozgcloud.operator.keycloak.realm;
 import static org.assertj.core.api.Assertions.*;
+import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
 import org.mapstruct.factory.Mappers;
 import org.mockito.Spy;
+import de.ozgcloud.operator.keycloak.client.OzgCloudKeycloakClientSpecTestFactory;
+
 class KeycloakRealmMapperTest {
 @Spy
@@ -94,7 +99,7 @@ class KeycloakRealmMapperTest {
 void shouldMapSmtpServer() {
 var mapped = mapper.map(OzgCloudKeycloakRealmSpecTestFactory.create());
- assertThat(mapped.getSmtpServer().size()).isEqualTo(8);
+ assertThat(mapped.getSmtpServer()).hasSize(8);
 }
 @Test
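Review bot: `addOrUpdateRealmRoles` has no error handling, so the first role whose lookup, update or create call throws ends the `forEach` and leaves the remaining roles unreconciled, whereas the realm update in the previous hunk catches and logs its failure. The update branch also ignores `existingRole` and sends a fresh `mapper.map(roleSpec)`; if the mapper does not populate every field, attributes or composites already set on a same-named role in Keycloak may be overwritten, which is worth confirming for built-in roles. Roles removed from the spec are never deleted here, so if the spec is meant to be authoritative for authorization, stale roles will remain in the realm. `spec.getRealmRoles()` can presumably be null when the resource omits roles; a guard such as `if (spec.getRealmRoles() == null) return;` would avoid an NPE.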
@@ -134,4 +139,17 @@ class KeycloakRealmMapperTest {
 assertThat(mappedRealmRoles.getRealm().get(0).getName()).isEqualTo(OzgCloudKeycloakRealmSpecTestFactory.ROLE_NAME_1);
 assertThat(mappedRealmRoles.getRealm().get(1).getName()).isEqualTo(OzgCloudKeycloakRealmSpecTestFactory.ROLE_NAME_2);
 }
+
+ @Nested
+ class TestUpdate {
+
+ @Test
+ void shouldMapBaseUrl() {
+ var realm = mapper.update(new RealmRepresentation(), OzgCloudKeycloakRealmSpecTestFactory.create());
+
+ assertThat(realm.getDisplayName()).isEqualTo(OzgCloudKeycloakRealmSpecTestFactory.DISPLAY_NAME);
+ }
+
+
+ }
 }
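Review bot: The test name `shouldMapBaseUrl` does not match what it asserts: the body checks `getDisplayName()` against `DISPLAY_NAME`, so `void shouldMapDisplayName()` would describe it correctly. The two blank lines before the closing brace of `TestUpdate` can be removed as well. None of the visible hunks adds a test for `getRealmRole` or `addOrUpdateRealmRoles`, which are the authorization-relevant part of this change.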