# Role Groups Roles can be organized into groups so you can more easily control access to your application. For example, you can add a role group to an organization for B2B scenarios so that their members can only be assigned roles that belong to this group. These APIs allow you to manage the role groups for your application. You can then use the [Organizations APIs](/openapi/user/organizations.openapi.json) to add the relevant role groups to each organization and the [Members API](/openapi/user/members.openapi.json) can be used to assign roles to their members. ## Servers Sandbox environment ``` https://api.sbx.transmitsecurity.io/cis ``` Production environment (US) ``` https://api.transmitsecurity.io/cis ``` Production environment (EU) ``` https://api.eu.transmitsecurity.io/cis ``` Production environment (CA) ``` https://api.ca.transmitsecurity.io/cis ``` Production environment (AU) ``` https://api.au.transmitsecurity.io/cis ``` ## Security ### bearer Type: http Scheme: bearer Bearer Format: JWT ### UserAccessToken A token returned upon end-user authentication, which provides access to resources and data for the user and app for which it was generated Type: http Scheme: bearer Bearer Format: JWT ### AdminAccessToken A token generated by a management application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to all resources for the tenant and its apps Type: oauth2 ### ClientAccessToken A token generated by an end-user application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to resources and data on the tenant level or associated with the specific application (but not other apps in the tenant) Type: oauth2 ### OrgAdminAccessToken A token returned upon B2B authentication for a user that has the organizationAdmin or organizationCreator role. Type: oauth2 ## Download OpenAPI description [Role Groups](https://developer.transmitsecurity.com/_bundle/openapi/user/role-groups.openapi.yaml) ## Other ### Create role group - [POST /v1/applications/{app_id}/role-groups](https://developer.transmitsecurity.com/openapi/user/role-groups.openapi/other/createrolegroup.md): Create a new role group for this application. Required permissions: organizations:create, roles:create. ### Get role groups - [GET /v1/applications/{app_id}/role-groups](https://developer.transmitsecurity.com/openapi/user/role-groups.openapi/other/getapprolegroups.md): Retrieve a list of all role groups created for this application. Required permissions: organizations:read, roles:read, organizations:list, roles:list, orgs:read. ### Update role group - [PUT /v1/applications/{app_id}/role-groups/{group_id}](https://developer.transmitsecurity.com/openapi/user/role-groups.openapi/other/updaterolegroup.md): Update an existing role group for this application. Required permissions: organizations:edit, roles:edit. ### Delete role group - [DELETE /v1/applications/{app_id}/role-groups/{group_id}](https://developer.transmitsecurity.com/openapi/user/role-groups.openapi/other/deleterolegroup.md): Delete role group. Required permissions: organizations:delete, roles:delete. ### Set role group's roles - [POST /v1/applications/{app_id}/role-groups/{group_id}/roles/set](https://developer.transmitsecurity.com/openapi/user/role-groups.openapi/other/setrolestorolegroup.md): Update the roles of an existing role group of your application. This will replace any existing set of roles of that group. Required permissions: organizations:edit, roles:edit.