Completely agree! I have several services running to make sure that our users and their access roles are synced from our Azure/Entra tenant, and since Service Accounts can only have custom roles, this is something that causes a lot of frustration, as I sometimes forget this with new roles, until the services in production suddenly start throwing a lot of exceptions.
Would welcome a change - I posted a feature request about this issue earlier that hopefully can get some more traction now.