Using managed identities to assign users and groups to app-roles in Enterprise apps

Managed identity ownership is not required to assign users or groups to application roles.

What your workload identity needs is the appropriate Microsoft Graph permissions (such as AppRoleAssignment.ReadWrite.All) or a directory role like Application Administrator.

App role assignments are authorization operations, not ownership operations