diff --git a/lib/modules/asset/AssetModule.ts b/lib/modules/asset/AssetModule.ts
index 4cb7f1d1..dd3c1616 100644
--- a/lib/modules/asset/AssetModule.ts
+++ b/lib/modules/asset/AssetModule.ts
@@ -6,6 +6,8 @@ import { AssetService } from "./AssetService";
 import { AssetsGroupsController } from "./AssetsGroupsController";
 import { RoleAssetsAdmin } from "./roles/RoleAssetsAdmin";
 import { RoleAssetsReader } from "./roles/RoleAssetsReader";
+import { RoleAssetsGroupsAdmin } from "./roles/RoleAssetsGroupsAdmin";
+import { RoleAssetsGroupsReader } from "./roles/RoleAssetsGroupsReader";
 
 export class AssetModule extends Module {
   private assetService: AssetService;
@@ -28,5 +30,10 @@ export class AssetModule extends Module {
       RoleAssetsAdmin.definition;
     this.plugin.imports.roles[RoleAssetsReader.name] =
       RoleAssetsReader.definition;
+
+    this.plugin.imports.roles[RoleAssetsGroupsAdmin.name] =
+      RoleAssetsGroupsAdmin.definition;
+    this.plugin.imports.roles[RoleAssetsGroupsReader.name] =
+      RoleAssetsGroupsReader.definition;
   }
 }
diff --git a/lib/modules/asset/exports.ts b/lib/modules/asset/exports.ts
index f294c0fe..8bc354d1 100644
--- a/lib/modules/asset/exports.ts
+++ b/lib/modules/asset/exports.ts
@@ -6,5 +6,7 @@ export * from "./types/AssetGroupContent";
 export * from "./types/AssetGroupsApi";
 export * from "./roles/RoleAssetsAdmin";
 export * from "./roles/RoleAssetsReader";
+export * from "./roles/RoleAssetsGroupsAdmin";
+export * from "./roles/RoleAssetsGroupsReader";
 export * from "./collections/assetsMappings";
 export * from "./collections/assetsHistoryMappings";
diff --git a/lib/modules/asset/index.ts b/lib/modules/asset/index.ts
index befe0f7b..01b908c0 100644
--- a/lib/modules/asset/index.ts
+++ b/lib/modules/asset/index.ts
@@ -9,3 +9,5 @@ export * from "./model/AssetSerializer";
 export * from "./AssetModule";
 export * from "./roles/RoleAssetsAdmin";
 export * from "./roles/RoleAssetsReader";
+export * from "./roles/RoleAssetsGroupsAdmin";
+export * from "./roles/RoleAssetsGroupsReader";
diff --git a/lib/modules/asset/roles/RoleAssetsGroupsAdmin.ts b/lib/modules/asset/roles/RoleAssetsGroupsAdmin.ts
new file mode 100644
index 00000000..3f4660b3
--- /dev/null
+++ b/lib/modules/asset/roles/RoleAssetsGroupsAdmin.ts
@@ -0,0 +1,36 @@
+import { KuzzleRole } from "../../shared/types/KuzzleRole";
+
+/**
+ * This role allows to manage assets and their models.
+ *
+ * It's a tenant role.
+ *
+ * @example
+ *
+    "device-manager/assets": {
+      actions: {
+        "*": true,
+      },
+    },
+    "device-manager/models": {
+      actions: {
+        deleteAsset: true,
+        listAssets: true,
+        getAsset: true,
+        writeAsset: true,
+        listMeasures: true,
+      },
+    },
+ */
+export const RoleAssetsGroupsAdmin: KuzzleRole = {
+  name: "assetsGroup.admin",
+  definition: {
+    controllers: {
+      "device-manager/assetsGroup": {
+        actions: {
+          "*": true,
+        },
+      },
+    },
+  },
+};
diff --git a/lib/modules/asset/roles/RoleAssetsGroupsReader.ts b/lib/modules/asset/roles/RoleAssetsGroupsReader.ts
new file mode 100644
index 00000000..696bf54c
--- /dev/null
+++ b/lib/modules/asset/roles/RoleAssetsGroupsReader.ts
@@ -0,0 +1,37 @@
+import { KuzzleRole } from "../../shared/types/KuzzleRole";
+
+/**
+ * This role allows to manage assets and their models.
+ *
+ * It's a tenant role.
+ *
+ * @example
+ *
+    "device-manager/assets": {
+      actions: {
+        "*": true,
+      },
+    },
+    "device-manager/models": {
+      actions: {
+        deleteAsset: true,
+        listAssets: true,
+        getAsset: true,
+        writeAsset: true,
+        listMeasures: true,
+      },
+    },
+ */
+export const RoleAssetsGroupsReader: KuzzleRole = {
+  name: "assetsGroup.reader",
+  definition: {
+    controllers: {
+      "device-manager/assetsGroup": {
+        actions: {
+          get: true,
+          search: true,
+        },
+      },
+    },
+  },
+};