I have the EXACT SAME PROBLEM - been trying to find a solution for > 3 months with no luck.
A further complication in another scenario - is I only want to remove Roles when a user had a specific Access Profile, which I can retrieve without issue in “Get Access” but i CANNOT filter only for ROLES (and excluding membership/assigned) in the “Manage Access”.
Open to ANY suggestions…
Note - if you only have 2 roles you can do:
If User has Role A
Then
Remove Role A
If User has Role B Them Remove B
ElseIf User has Role B Them Remove B
We’ve done it for 2 or 3 specific app roles… but we also have 300+ requestable roles we need to remove (while excluding birthright) :(.