diff --git a/config.yaml b/config.yaml
index e9da46fc..05c4c6c5 100644
--- a/config.yaml
+++ b/config.yaml
@@ -107,6 +107,16 @@ options:
 type: int
 default: 60
 description: Amount of time (in seconds) the catalog should be cached for.
+ role-cache-expiration:
+ type: int
+ default:
+ description: |
+ Amount of time (in seconds) role assignments should be cached for.
+ Relying on the global expiration_time can cause applications that
+ frequently add/remove role assignments to become slow or fail
+ since assignment changes will take up to expiration_time to sync
+ across all caches. Reducing cache_time means more database queries
+ so if an impact is perceived this value should be increased.
 dogpile-cache-expiration:
 type: int
 default: 600
diff --git a/hooks/keystone_context.py b/hooks/keystone_context.py
index f682818d..00d2152e 100644
--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@@ -214,6 +214,9 @@ class KeystoneContext(context.OSContextGenerator):
 ctxt['verbose'] = config('verbose')
 ctxt['token_expiration'] = config('token-expiration')
 ctxt['catalog_cache_expiration'] = config('catalog-cache-expiration')
+ if config('role-cache-expiration') is not None:
+ ctxt['role_cache_expiration'] = config('role-cache-expiration')
+ ctxt['dogpile_cache_expiration'] = config('dogpile-cache-expiration')
 ctxt['identity_backend'] = config('identity-backend')
diff --git a/templates/queens/keystone.conf b/templates/queens/keystone.conf
index 1d828509..d61501c3 100644
--- a/templates/queens/keystone.conf
+++ b/templates/queens/keystone.conf
@@ -42,6 +42,11 @@ driver = sql
 cache_time = {{ catalog_cache_expiration }}
 driver = sql
+{% if role_cache_expiration is not None -%}
+[role]
+cache_time = {{ role_cache_expiration }}
+{% endif -%}
+
 [endpoint_filter]
 [token]
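Review bot: The new `role-cache-expiration` description leaves out the access-control effect of this setting and what applies when the option is unset. Role assignments are authorization data, so a removed assignment can keep being honoured from cache until the entry expires; operators choosing a value should see that, not only the slow-or-fail wording. The text also switches between `expiration_time` and `cache_time`, neither of which is a charm option name, and `default:` is empty with no statement of the fallback (presumably the global cache expiration, going by the description). I would add a sentence such as `A removed role assignment may still be honoured for up to this many seconds.` and name the charm option that supplies the global value.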
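Review bot: The added `is not None` guard accepts any integer, so `0` or a negative value from charm config is handed straight to the template as `[role] cache_time`. How Keystone treats such values is not visible here, so I would either reject them with a logged error or state the accepted range in config.yaml. The option is also read twice; binding it once is tidier: `role_cache = config('role-cache-expiration')` followed by `if role_cache is not None: ctxt['role_cache_expiration'] = role_cache`. The enclosing method starts and ends outside this hunk.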
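Review bot: The `{% if role_cache_expiration is not None -%}` guard does not match how the context supplies the value. Jinja2's built-in test is the lowercase `none`, so `is not None` is expected to fail at template compile time with a no-such-test error. Separately, the context change in hooks/keystone_context.py only sets `role_cache_expiration` when the option is configured, so in the default case the variable is undefined, and under Jinja2's default undefined handling an undefined value is not `none`; the `[role]` section would then render with an empty `cache_time`. `{% if role_cache_expiration is defined and role_cache_expiration is not none -%}` covers both cases. A unit test that renders this template with the option unset and set would catch either problem.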