diff --git a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java
index 39574d5b592..7d47e3188d7 100644
--- a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java
+++ b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java
@@ -239,9 +239,14 @@ public class AvailableRoleMappingResource extends RoleMappingResource {
     }
 
     private Set getRoleIdsWithPermissions(String roleResourceScope, String clientResourceScope) {
-        Set roleIds = this.auth.roles().getRoleIdsByScope(roleResourceScope);
-        Set clientIds = this.auth.clients().getClientIdsByScope(clientResourceScope);
-        clientIds.stream().flatMap(cid -> realm.getClientById(cid).getRolesStream()).forEach(role -> roleIds.add(role.getId()));
+        Set roleIds;
+        if (AdminPermissionsSchema.SCHEMA.isAdminPermissionsEnabled(realm) && canPerformOnAllClients(clientResourceScope)) {
+            roleIds = session.clients().getClientsStream(realm).flatMap(client -> client.getRolesStream()).map(RoleModel::getId).collect(Collectors.toSet());
+        } else {
+            roleIds = this.auth.roles().getRoleIdsByScope(roleResourceScope);
+            Set clientIds = this.auth.clients().getClientIdsByScope(clientResourceScope);
+            clientIds.stream().flatMap(cid -> realm.getClientById(cid).getRolesStream()).forEach(role -> roleIds.add(role.getId()));
+        }
         return roleIds;
     }
 
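Review bot: On the new fast path `roleResourceScope` is never consulted, so the returned set holds only client-role IDs collected from `session.clients().getClientsStream(realm)`, whereas the fallback branch starts from `auth.roles().getRoleIdsByScope(roleResourceScope)` and may therefore also contain realm-level role IDs; if that difference is intended because only client roles are searched here, a comment on the `if` should say so, e.g. `// Fast path: caller may map roles on every client, so collect every client-role ID directly; realm roles are not needed for the client-role search.` Otherwise the two branches disagree on what a "role ID with permissions" is. The fast path is only reached after `canPerformOnAllClients`, so the null-resource checks in that helper are what authorize skipping the per-client filter, which deserves a sentence in a Javadoc on this method. The fast path also walks every client of the realm, which is presumably acceptable for the admin UI but is a larger query than the old per-ID lookup on big realms. Stylistically, `client -> client.getRolesStream()` can be `ClientModel::getRolesStream`.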
@@ -254,4 +259,17 @@ public class AvailableRoleMappingResource extends RoleMappingResource {
         Stream result = session.roles().searchForClientRolesStream(realm, search, excludedIds, first, max);
         return result.map(role -> RoleMapper.convertToModel(role, realm)).collect(Collectors.toList());
     }
+
+    private boolean canPerformOnAllClients(String scope) {
+        switch (scope) {
+            case MAP_ROLES:
+                return auth.clients().canMapRoles(null);
+            case MAP_ROLES_COMPOSITE:
+                return auth.clients().canMapCompositeRoles(null);
+            case MAP_ROLES_CLIENT_SCOPE:
+                return auth.clients().canMapClientScopeRoles(null);
+            default:
+                return false;
+        }
+    }
 }
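Review bot: `switch (scope)` throws `NullPointerException` when `scope` is null instead of reaching the fail-closed `default`; a guard `if (scope == null) { return false; }` before the switch keeps the method total for any caller. The meaning of the `null` argument passed to `canMapRoles`, `canMapCompositeRoles` and `canMapClientScopeRoles` is stated nowhere in the hunk, and since this result is what lets `getRoleIdsWithPermissions` skip the per-client permission filter, the method needs a Javadoc such as `/** Returns whether the caller holds the given role-mapping scope for every client of the realm (a null resource in the client permission evaluators), which permits skipping per-client filtering. */` — assuming that is what a null resource means in those evaluators. Returning `false` for an unrecognised scope is the right fail-closed choice and is worth keeping as the `default`.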