I meant, if I could update server role, so that it was semantically correct for me that my server can mess with tokens. Seems not, and using other roles instead is not much of a headache.
I ended up assigning all the functions Admin role, so that they could do whatever they need, and granted my users access to only the functions they should be allowed to touch