Comment 2 for bug 1669080

In order to implement this in keystone, we'd need a migration to add a new column to the role table. Right now only id, name, domain_id, and extras are persisted in the role table [0].

[0] https://github.com/openstack/keystone/blob/a43d5a6893a5753f8567206032e779930ddd4321/keystone/assignment/role_backends/sql.py#L196