diff --git a/backend/cliapp/cliapp/cli.py b/backend/cliapp/cliapp/cli.py
index fca212ce1b93ad49eb589d78da562e067c6cd4bb..542c859321f8cc4d53b0fd500cb717a5e49f92a4 100644
--- a/backend/cliapp/cliapp/cli.py
+++ b/backend/cliapp/cliapp/cli.py
@@ -207,8 +207,8 @@ def setrole(email, app_slug, role):
     # Find user
     user = KratosUser.find_by_email(kratos_identity_api, email)
 
-    if role not in ("admin", "user"):
-        print("At this point only the roles 'admin' and 'user' are accepted")
+    if role not in ("admin", "user", "none"):
+        print("At this point the only accepted roles are 'admin', 'user' and 'none'.")
         sys.exit(1)
 
     if not user:
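Review bot: The accepted role names are now spelled out twice, here as `("admin", "user", "none")` and again in the second hunk's `if role in ("admin", "user"):` guard, and the two literals have to be kept in sync by hand. If a role is later added to this check but not to the second one, the command would accept it, delete the user's existing role and add nothing, which is a silent revocation. A single module-level tuple such as `ASSIGNABLE_ROLES = ("admin", "user")`, used here as `if role not in (*ASSIGNABLE_ROLES, "none"):`, would remove that risk. The comparison is also case-sensitive while the later lookup lower-cases the name, so it would help to state the expected spelling in the command's help text. setrole begins above this hunk and continues below it.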
@@ -227,17 +227,21 @@ def setrole(email, app_slug, role):
         .first()
     )
 
+    # Always delete the old role for this app and user if it exists.
     if role_obj:
         db.session.delete(role_obj)
 
-    role = Role.query.filter(func.lower(Role.name) == func.lower(role)).first()
+    # If the new role is not "none", add it.
+    if role in ("admin", "user"):
+        role = Role.query.filter(func.lower(Role.name) == func.lower(role)).first()
 
-    obj = AppRole()
-    obj.user_id = user.uuid
-    obj.app_id = app_obj.id
-    obj.role_id = role.id if role else None
+        obj = AppRole()
+        obj.user_id = user.uuid
+        obj.app_id = app_obj.id
+        obj.role_id = role.id if role else None
+
+        db.session.add(obj)
 
-    db.session.add(obj)
     db.session.commit()
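Review bot: `obj.role_id = role.id if role else None` still writes an AppRole with a null role_id when the Role lookup finds no row. By then the previous AppRole is already marked for deletion, so a missing or misnamed entry in the roles table turns a grant into a silent loss of the user's old role. The lookup result should be checked and the command should exit with an error before anything is committed. Assuming the session does not autocommit, exiting before `db.session.commit()` leaves the existing role in place. Binding the result to a new name rather than reusing the `role` string parameter also makes the block easier to follow; setrole starts above this hunk.

```python
    if role in ("admin", "user"):
        role_row = Role.query.filter(func.lower(Role.name) == func.lower(role)).first()
        if role_row is None:
            print(f"Role '{role}' was not found in the database; no changes were made.")
            sys.exit(1)

        obj = AppRole()
        # … unchanged: user_id and app_id assignment …
        obj.role_id = role_row.id
        # … unchanged: db.session.add(obj) …
```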