Is there a way to unimportRoles or disable capabilities for a certain role? I don't believe so based on the documentation:
<capability> = <enabled>
* Roles inherit all capabilities from imported roles, and inherited
capabilities cannot be disabled.
importRoles = <string>
* Semicolon delimited list of other roles and their associated capabilities
that should be imported.
* Importing other roles also imports the other aspects of that role, such as
allowed indexes to search.
We would like to create a custom role to override inherited capabilities. An example would be a system account which has less capabilities but has inherited user role capabilities. Right now it seems like an RFE.