diff --git a/defaults/main.yml b/defaults/main.yml index 4c594c5..b865583 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -55,8 +55,14 @@ barbican_service_name: barbican barbican_service_user_name: barbican barbican_service_type: key-manager barbican_service_description: "OpenStack Key and Secrets Management (Barbican)" +barbican_default_role_names: + - "key-manager:service-admin" + - creator + - observer + - audit barbican_service_role_names: - admin + - creator barbican_service_region: RegionOne barbican_service_host: "0.0.0.0" barbican_service_port: 9311 diff --git a/tasks/barbican_service_setup.yml b/tasks/barbican_service_setup.yml index a270932..e8e6cce 100644 --- a/tasks/barbican_service_setup.yml +++ b/tasks/barbican_service_setup.yml @@ -54,6 +54,18 @@ delay: 10 no_log: True + - name: Add service roles + os_keystone_role: + cloud: default + state: present + name: "{{ item }}" + verify: "{{ not keystone_service_adminuri_insecure }}" + with_items: "{{ barbican_default_role_names }}" + register: barbican_roles + until: barbican_roles is success + retries: 5 + delay: 10 + - name: Add service user to admin roles os_user_role: cloud: default
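Review bot: The `- creator` entry added to `barbican_service_role_names` in defaults/main.yml grants the Barbican service user a second role on top of `admin`, and the defaults give no reason for it. A deployer trying to keep the service account minimal cannot tell whether the grant is required. I would put `# Roles granted to the service user; each must exist in keystone or be listed in barbican_default_role_names` above that list. The new `barbican_default_role_names` list also needs a comment, for example `# Keystone roles created during service setup (presumably the names Barbican's default policy expects)`. The role names `creator`, `observer` and `audit` are generic and cloud-wide, so the comment should say that overriding the list changes which global roles this role creates.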
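Review bot: The new `Add service roles` task in tasks/barbican_service_setup.yml creates only the names in `barbican_default_role_names`, while the following `Add service user to admin roles` task presumably assigns `barbican_service_role_names`. That task's body continues outside the hunk, so this is inferred. If a deployer overrides either list so that a service role is not also in the default list, the assignment would fail after the retries rather than at role creation. Looping over both lists keeps the two in step: `with_items: "{{ (barbican_default_role_names + barbican_service_role_names) | unique }}"`. This is safe because `state: present` leaves an existing `admin` role untouched. The task name would also read better as `Ensure Barbican roles exist`, since nothing is granted to a user at this step.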