It is not possible through the officially supported security APIs.
DISCLAIMER: WARNING! WARNING!! the following content is provided only for discussion purpose. It is NOT recommended or supported in anyway. Doing it is a risk to your cluster integrity. Do NOT do it on your production cluster.
Users from native realms are stored in the
.security index as regulard elasticsearch document. Therefore it possible to update it directly just as a normal document. Since the update is done without going through the normal security APIs, cache needs to be cleared before the new roles can be recognised.