diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/CAGroupServlet.java b/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/CAGroupServlet.java
new file mode 100644
index 00000000000..c06f5b0b2f6
--- /dev/null
+++ b/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/CAGroupServlet.java
@@ -0,0 +1,20 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ca.rest.v2;
+
+import javax.servlet.annotation.WebServlet;
+
+import org.dogtagpki.server.rest.v2.GroupServlet;
+
+/**
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
+ */
+@WebServlet(
+        name = "caGroup",
+        urlPatterns = "/v2/admin/groups/*")
+public class CAGroupServlet extends GroupServlet {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/filters/CAGroupACL.java b/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/filters/CAGroupACL.java
new file mode 100644
index 00000000000..cb979a78c54
--- /dev/null
+++ b/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/filters/CAGroupACL.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.ca.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupACL;
+
+@WebFilter(servletNames = "caGroup")
+public class CAGroupACL extends GroupACL {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/filters/CAGroupAuthMethod.java b/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/filters/CAGroupAuthMethod.java
new file mode 100644
index 00000000000..2ae54b8e2d0
--- /dev/null
+++ b/base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/filters/CAGroupAuthMethod.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.ca.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupAuthMethod;
+
+@WebFilter(servletNames = "caGroup")
+public class CAGroupAuthMethod extends GroupAuthMethod {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/common/src/main/java/com/netscape/certsrv/group/GroupCollection.java b/base/common/src/main/java/com/netscape/certsrv/group/GroupCollection.java
index cdacec86fd5..4fea3680b83 100644
--- a/base/common/src/main/java/com/netscape/certsrv/group/GroupCollection.java
+++ b/base/common/src/main/java/com/netscape/certsrv/group/GroupCollection.java
@@ -24,6 +24,7 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonInclude.Include;
 import com.netscape.certsrv.base.DataCollection;
+import com.netscape.certsrv.util.JSONSerializer;
 
 
 /**
@@ -31,7 +32,7 @@
  */
 @JsonInclude(Include.NON_NULL)
 @JsonIgnoreProperties(ignoreUnknown=true)
-public class GroupCollection extends DataCollection<GroupData> {
+public class GroupCollection extends DataCollection<GroupData> implements JSONSerializer {
 
     @Override
     public Collection<GroupData> getEntries() {
diff --git a/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRAGroupServlet.java b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRAGroupServlet.java
new file mode 100644
index 00000000000..d00e0acf73a
--- /dev/null
+++ b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRAGroupServlet.java
@@ -0,0 +1,20 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.kra.rest.v2;
+
+import javax.servlet.annotation.WebServlet;
+
+import org.dogtagpki.server.rest.v2.GroupServlet;
+
+/**
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
+ */
+@WebServlet(
+        name = "kraGroup",
+        urlPatterns = "/v2/admin/groups/*")
+public class KRAGroupServlet extends GroupServlet {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/filters/KRAGroupACL.java b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/filters/KRAGroupACL.java
new file mode 100644
index 00000000000..b074539d109
--- /dev/null
+++ b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/filters/KRAGroupACL.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.kra.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupACL;
+
+@WebFilter(servletNames = "kraGroup")
+public class KRAGroupACL extends GroupACL {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/filters/KRAGroupAuthMethod.java b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/filters/KRAGroupAuthMethod.java
new file mode 100644
index 00000000000..737342c6296
--- /dev/null
+++ b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/filters/KRAGroupAuthMethod.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.kra.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupAuthMethod;
+
+@WebFilter(servletNames = "kraGroup")
+public class KRAGroupAuthMethod extends GroupAuthMethod {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/rest/v2/OCSPGroupServlet.java b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/rest/v2/OCSPGroupServlet.java
new file mode 100644
index 00000000000..dfb41b8d6a4
--- /dev/null
+++ b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/rest/v2/OCSPGroupServlet.java
@@ -0,0 +1,20 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ocsp.rest.v2;
+
+import javax.servlet.annotation.WebServlet;
+
+import org.dogtagpki.server.rest.v2.GroupServlet;
+
+/**
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
+ */
+@WebServlet(
+        name = "ocspGroup",
+        urlPatterns = "/v2/admin/groups/*")
+public class OCSPGroupServlet extends GroupServlet {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/rest/v2/filters/OCSPGroupACL.java b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/rest/v2/filters/OCSPGroupACL.java
new file mode 100644
index 00000000000..c92ea8c48e7
--- /dev/null
+++ b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/rest/v2/filters/OCSPGroupACL.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.ocsp.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupACL;
+
+@WebFilter(servletNames = "ocspGroup")
+public class OCSPGroupACL extends GroupACL {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/rest/v2/filters/OCSPGroupAuthMethod.java b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/rest/v2/filters/OCSPGroupAuthMethod.java
new file mode 100644
index 00000000000..3b010360276
--- /dev/null
+++ b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/rest/v2/filters/OCSPGroupAuthMethod.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.ocsp.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupAuthMethod;
+
+@WebFilter(servletNames = "ocspGroup")
+public class OCSPGroupAuthMethod extends GroupAuthMethod {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/server/src/main/java/org/dogtagpki/server/rest/base/GroupServletBase.java b/base/server/src/main/java/org/dogtagpki/server/rest/base/GroupServletBase.java
new file mode 100644
index 00000000000..5196d57ce45
--- /dev/null
+++ b/base/server/src/main/java/org/dogtagpki/server/rest/base/GroupServletBase.java
@@ -0,0 +1,347 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.rest.base;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.dogtagpki.server.rest.v2.PKIServlet;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.base.BadRequestException;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
+import com.netscape.certsrv.common.Constants;
+import com.netscape.certsrv.common.OpDef;
+import com.netscape.certsrv.common.ScopeDef;
+import com.netscape.certsrv.group.GroupCollection;
+import com.netscape.certsrv.group.GroupData;
+import com.netscape.certsrv.group.GroupMemberCollection;
+import com.netscape.certsrv.group.GroupMemberData;
+import com.netscape.certsrv.group.GroupNotFoundException;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.ConfigRoleEvent;
+import com.netscape.cms.servlet.admin.GroupMemberProcessor;
+import com.netscape.cmscore.apps.CMS;
+import com.netscape.cmscore.apps.CMSEngine;
+import com.netscape.cmscore.logging.Auditor;
+import com.netscape.cmscore.usrgrp.Group;
+import com.netscape.cmscore.usrgrp.UGSubsystem;
+
+/**
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
+ * @author Endi S. Dewata
+ */
+public class GroupServletBase {
+    public static final Logger logger = LoggerFactory.getLogger(GroupServletBase.class);
+
+    private CMSEngine engine;
+    private UGSubsystem userGroupManager;
+
+    public GroupServletBase(CMSEngine engine) {
+        this.engine = engine;
+        this.userGroupManager = engine.getUGSubsystem();
+    }
+
+    public GroupCollection findGroups(String filter, int start, int size) {
+        if (filter != null && filter.length() < PKIServlet.MIN_FILTER_LENGTH) {
+            throw new BadRequestException("Filter is too short.");
+        }
+        try {
+            Enumeration<Group> groups = userGroupManager.listGroups(filter);
+
+            GroupCollection response = new GroupCollection();
+            int i = 0;
+
+            // skip to the start of the page
+            for ( ; i<start && groups.hasMoreElements(); i++) groups.nextElement();
+
+            // return entries up to the page size
+            for ( ; i<start+size && groups.hasMoreElements(); i++) {
+                Group group = groups.nextElement();
+                response.addEntry(createGroupData(group));
+            }
+
+            // count the total entries
+            for ( ; groups.hasMoreElements(); i++) groups.nextElement();
+            response.setTotal(i);
+
+            return response;
+
+        } catch (Exception e) {
+            logger.error("GroupServletBase: " + e.getMessage(), e);
+            throw new PKIException(e);
+        }
+    }
+
+    public GroupData addGroup(GroupData groupData, Locale loc) {
+
+        if (groupData == null) throw new BadRequestException("Group data is null.");
+
+        String groupID = groupData.getGroupID();
+
+        // ensure that any low-level exceptions are reported
+        // to the signed audit log and stored as failures
+        try {
+            if (groupID == null) {
+                logger.error(CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_NULL_RS_ID"));
+            }
+
+            Group group = userGroupManager.createGroup(groupID);
+
+            // add description if specified
+            String description = groupData.getDescription();
+            if (description != null && !description.equals("")) {
+                group.set(Group.ATTR_DESCRIPTION, description);
+            }
+
+            // allow adding a group with no members
+            userGroupManager.addGroup(group);
+
+            auditAddGroup(groupID, groupData, ILogger.SUCCESS);
+
+            // read the data back
+            return getGroup(groupID, loc);
+
+        } catch (PKIException e) {
+            auditAddGroup(groupID, groupData, ILogger.FAILURE);
+            throw e;
+
+        } catch (EBaseException e) {
+            auditAddGroup(groupID, groupData, ILogger.FAILURE);
+            throw new PKIException(e.getMessage());
+        }
+    }
+
+    public GroupData getGroup(String groupId, Locale loc) {
+
+        try {
+            if (groupId == null || groupId.isBlank()) {
+                logger.error(CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_NULL_RS_ID"));
+            }
+
+            Group group = userGroupManager.getGroupFromName(groupId);
+
+            if (group == null) {
+                logger.error(CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new GroupNotFoundException(groupId);
+            }
+
+            return createGroupData(group);
+
+        } catch (PKIException e) {
+            throw e;
+
+        } catch (Exception e) {
+            throw new PKIException(CMS.getUserMessage(loc, "CMS_INTERNAL_ERROR"));
+        }
+    }
+
+    public GroupData modifyGroup(String groupId, GroupData groupData, Locale loc) {
+
+        if (groupData == null) throw new BadRequestException("Group data is null.");
+
+        // ensure that any low-level exceptions are reported
+        // to the signed audit log and stored as failures
+        try {
+            if (groupId == null || groupId.isBlank()) {
+                logger.error(CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_NULL_RS_ID"));
+            }
+
+            Group group = userGroupManager.getGroupFromName(groupId);
+
+            if (group == null) {
+                throw new ResourceNotFoundException("Group " + groupId + "  not found.");
+            }
+
+            // update description if specified
+            String description = groupData.getDescription();
+            if (description != null) {
+                if (description.equals("")) { // remove value if empty
+                    group.delete(Group.ATTR_DESCRIPTION);
+                } else { // otherwise replace value
+                    group.set(Group.ATTR_DESCRIPTION, description);
+                }
+            }
+
+            // allow adding a group with no members, except "Certificate
+            // Server Administrators"
+            userGroupManager.modifyGroup(group);
+
+            auditModifyGroup(groupId, groupData, ILogger.SUCCESS);
+
+            // read the data back
+            return getGroup(groupId, loc);
+
+        } catch (PKIException e) {
+            auditModifyGroup(groupId, groupData, ILogger.FAILURE);
+            throw e;
+
+        } catch (EBaseException e) {
+            auditModifyGroup(groupId, groupData, ILogger.FAILURE);
+            throw new PKIException(e.getMessage());
+        }
+}
+
+    public void removeGroup(String groupId, Locale loc) {
+        // ensure that any low-level exceptions are reported
+        // to the signed audit log and stored as failures
+        try {
+            if (groupId == null) {
+                logger.error(CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_NULL_RS_ID"));
+            }
+
+            // if fails, let the exception fall through
+            userGroupManager.removeGroup(groupId);
+
+            auditDeleteGroup(groupId, ILogger.SUCCESS);
+        } catch (PKIException e) {
+            auditDeleteGroup(groupId, ILogger.FAILURE);
+            throw e;
+
+        } catch (EBaseException e) {
+            auditDeleteGroup(groupId, ILogger.FAILURE);
+            throw new PKIException(e.getMessage());
+        }
+    }
+
+
+    public GroupMemberCollection findGroupMembers(String groupId, String filter, int start, int size, Locale loc) {
+        logger.debug("GroupServletBase.findGroupMembers({}, {}", groupId,  filter);
+
+        if (groupId == null || groupId.isBlank()) throw new BadRequestException("Group ID is null.");
+
+        if (filter != null && filter.length() < 3) {
+            throw new BadRequestException("Filter is too short.");
+        }
+
+        try {
+            GroupMemberProcessor processor = new GroupMemberProcessor(loc);
+            processor.setCMSEngine(engine);
+            processor.init();
+
+            return processor.findGroupMembers(groupId, filter, start, size);
+
+        } catch (PKIException e) {
+            throw e;
+
+        } catch (Exception e) {
+            throw new PKIException(e.getMessage(), e);
+        }
+    }
+
+    public GroupMemberData addGroupMember(String groupId, GroupMemberData groupMemberData, Locale loc) {
+        if (groupId == null || groupId.isBlank()) throw new BadRequestException("Group ID is null.");
+        if (groupMemberData == null || groupMemberData.getID() == null) throw new BadRequestException("Member ID is null.");
+        groupMemberData.setGroupID(groupId);
+
+        try {
+            GroupMemberProcessor processor = new GroupMemberProcessor(loc);
+            processor.setCMSEngine(engine);
+            processor.init();
+
+            return processor.addGroupMember(groupMemberData);
+
+        } catch (PKIException e) {
+            throw e;
+
+        } catch (Exception e) {
+            throw new PKIException(e.getMessage(), e);
+        }
+    }
+
+    public GroupMemberData getGroupMember(String groupId, String memberId, Locale loc) {
+        if (groupId == null || groupId.isBlank()) throw new BadRequestException("Group ID is null.");
+        if (memberId == null || memberId.isBlank()) throw new BadRequestException("Member ID is null.");
+
+        try {
+            GroupMemberProcessor processor = new GroupMemberProcessor(loc);
+            processor.setCMSEngine(engine);
+            processor.init();
+
+            return processor.getGroupMember(groupId, memberId);
+
+        } catch (PKIException e) {
+            throw e;
+
+        } catch (Exception e) {
+            throw new PKIException(e.getMessage(), e);
+        }
+    }
+
+    public void removeGroupMember(String groupId, String memberId, Locale loc) {
+        if (groupId == null || groupId.isBlank()) throw new BadRequestException("Group ID is null.");
+        if (memberId == null || memberId.isBlank()) throw new BadRequestException("Member ID is null.");
+
+        try {
+            GroupMemberProcessor processor = new GroupMemberProcessor(loc);
+            processor.setCMSEngine(engine);
+            processor.init();
+
+            processor.removeGroupMember(groupId, memberId);
+
+        } catch (PKIException e) {
+            throw e;
+
+        } catch (Exception e) {
+            throw new PKIException(e.getMessage(), e);
+        }
+    }
+
+    private GroupData createGroupData(Group group) throws Exception {
+
+        GroupData groupData = new GroupData();
+
+        String groupID = group.getGroupID();
+        if (!StringUtils.isEmpty(groupID)) {
+            groupData.setID(groupID);
+            groupData.setGroupID(groupID);
+        }
+
+        String description = group.getDescription();
+        if (!StringUtils.isEmpty(description)) groupData.setDescription(description);
+
+        return groupData;
+    }
+
+    private void auditAddGroup(String groupID, GroupData groupData, String status) {
+        audit(OpDef.OP_ADD, groupID, getGroupData(groupData), status);
+    }
+
+    private void auditModifyGroup(String groupID, GroupData groupData, String status) {
+        audit(OpDef.OP_MODIFY, groupID, getGroupData(groupData), status);
+    }
+
+    private void auditDeleteGroup(String groupID, String status) {
+        audit(OpDef.OP_DELETE, groupID, null, status);
+    }
+
+    private void audit(String type, String id, Map<String, String> params, String status) {
+
+        Auditor auditor = engine.getAuditor();
+
+        auditor.log(new ConfigRoleEvent(
+                auditor.getSubjectID(),
+                status,
+                auditor.getParamString(ScopeDef.SC_GROUPS, type, id, params)));
+    }
+
+    private Map<String, String> getGroupData(GroupData groupData) {
+        Map<String, String> map = new HashMap<>();
+        map.put(Constants.PR_GROUP_DESC, groupData.getDescription());
+        return map;
+    }
+
+}
diff --git a/base/server/src/main/java/org/dogtagpki/server/rest/base/UserServletBase.java b/base/server/src/main/java/org/dogtagpki/server/rest/base/UserServletBase.java
index b19ef41f458..3c4f13b9b03 100644
--- a/base/server/src/main/java/org/dogtagpki/server/rest/base/UserServletBase.java
+++ b/base/server/src/main/java/org/dogtagpki/server/rest/base/UserServletBase.java
@@ -73,12 +73,13 @@ public class UserServletBase {
     public static final String SYSTEM_USER = "$System$";
 
     private CMSEngine engine;
+    private UGSubsystem userGroupManager;
 
     public UserServletBase(CMSEngine engine) {
         this.engine = engine;
+        this.userGroupManager = engine.getUGSubsystem();
     }
 
-
     public UserCollection findUsers(String filter, int start, int size, Locale loc) {
 
         if (filter != null && filter.length() < PKIServlet.MIN_FILTER_LENGTH) {
@@ -88,7 +89,6 @@ public UserCollection findUsers(String filter, int start, int size, Locale loc)
         UserCollection response = new UserCollection();
 
         try {
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             Enumeration<User> users = userGroupManager.findUsersByKeyword(filter);
 
             int i = 0;
@@ -131,8 +131,6 @@ public UserData getUser(String userID, Locale loc) {
                 logger.error(CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
                 throw new BadRequestException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
-
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             User user;
 
             try {
@@ -209,7 +207,6 @@ public UserCertCollection findUserCerts(String userID, int start, int size, Loca
                 throw new BadRequestException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             User user = null;
 
             try {
@@ -273,7 +270,6 @@ public UserCertData getUserCert(String userID, String certID, Locale loc) {
                 throw new BadRequestException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             User user = null;
 
             try {
@@ -338,7 +334,6 @@ public UserMembershipCollection findUserMemberships(String userID, String filter
             throw new BadRequestException("Filter is too short.");
         }
         try {
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             User user = userGroupManager.getUser(userID);
 
             if (user == null) {
@@ -411,7 +406,6 @@ public UserData addUser(UserData userData, Locale loc) {
                 throw new ForbiddenException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_SPECIAL_ID", userID));
             }
 
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             User user = userGroupManager.createUser(userID);
 
             String fname = userData.getFullName();
@@ -524,7 +518,6 @@ public UserData modifyUser(String userID, UserData userData, Locale loc) {
                 throw new BadRequestException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             User user = userGroupManager.createUser(userID);
 
             String fullName = userData.getFullName();
@@ -604,7 +597,6 @@ public void removeUser(String userID, Locale loc) {
             }
 
             // get list of groups, and see if uid belongs to any
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             Enumeration<Group> groups = userGroupManager.findGroups("*");
 
             while (groups.hasMoreElements()) {
@@ -640,7 +632,6 @@ public UserCertData addUserCert(String userID, UserCertData userCertData, Locale
                 throw new BadRequestException(CMS.getUserMessage(loc, "CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             User user = userGroupManager.createUser(userID);
 
             String encoded = userCertData.getEncoded();
@@ -829,7 +820,6 @@ public void removeUserCert(String userID, String certID, Locale loc) {
         UserCertData userCertData = new UserCertData();
         userCertData.setID(certID);
         try {
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             String userCertID = userCertData.getID();
 
             // no certDN is a success
@@ -861,7 +851,6 @@ public UserMembershipData addUserMembership(String userID, String groupID, Local
         User user = null;
 
         try {
-            UGSubsystem userGroupManager = engine.getUGSubsystem();
             user = userGroupManager.getUser(userID);
         } catch (Exception e) {
             throw new PKIException(CMS.getUserMessage(loc, "CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
diff --git a/base/server/src/main/java/org/dogtagpki/server/rest/v2/GroupServlet.java b/base/server/src/main/java/org/dogtagpki/server/rest/v2/GroupServlet.java
new file mode 100644
index 00000000000..6c767ac21d1
--- /dev/null
+++ b/base/server/src/main/java/org/dogtagpki/server/rest/v2/GroupServlet.java
@@ -0,0 +1,163 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.rest.v2;
+
+import java.io.PrintWriter;
+import java.net.URLEncoder;
+import java.util.stream.Collectors;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.dogtagpki.server.rest.base.GroupServletBase;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.base.WebAction;
+import com.netscape.certsrv.group.GroupCollection;
+import com.netscape.certsrv.group.GroupData;
+import com.netscape.certsrv.group.GroupMemberCollection;
+import com.netscape.certsrv.group.GroupMemberData;
+import com.netscape.certsrv.util.JSONSerializer;
+
+/**
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
+ */
+public class GroupServlet extends PKIServlet {
+    private static final long serialVersionUID = 1L;
+    public static final Logger logger = LoggerFactory.getLogger(GroupServlet.class);
+
+    private GroupServletBase groupServletBase;
+
+    @Override
+    public void init() throws ServletException {
+        super.init();
+        groupServletBase = new GroupServletBase(getEngine());
+    }
+
+    @WebAction(method = HttpMethod.GET, paths = {""})
+    public void findGroups(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("GroupServletBase.findGroups(): session: {}", session.getId());
+        String filter = request.getParameter("filter");
+        int size = request.getParameter("size") == null ?
+                PKIServlet.DEFAULT_SIZE : Integer.parseInt(request.getParameter("size"));
+        int start = request.getParameter("start") == null ? 0 : Integer.parseInt(request.getParameter("start"));
+        GroupCollection groups = groupServletBase.findGroups(filter, start, size);
+        PrintWriter out = response.getWriter();
+        out.println(groups.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.POST, paths = {""})
+    public void addGroup(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("GroupServletBase.addGroup(): session: {}", session.getId());
+        String requestData = request.getReader().lines().collect(Collectors.joining());
+        GroupData groupData = JSONSerializer.fromJSON(requestData, GroupData.class);
+        GroupData group = groupServletBase.addGroup(groupData, request.getLocale());
+        String encodedGroupID = URLEncoder.encode(group.getGroupID(), "UTF-8");
+        StringBuffer uri = request.getRequestURL();
+        uri.append("/" + encodedGroupID);
+        response.setStatus(HttpServletResponse.SC_CREATED);
+        response.setHeader("Location", uri.toString());
+        PrintWriter out = response.getWriter();
+        out.println(group.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.GET, paths = {"{}"})
+    public void getGroup(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("GroupServletBase.addGroup(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String groupId = pathElement[0];
+        GroupData group = groupServletBase.getGroup(groupId, request.getLocale());
+        PrintWriter out = response.getWriter();
+        out.println(group.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.PATCH, paths = {"{}"})
+    public void modifyGroup(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("GroupServletBase.modifyGroup(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String groupId = pathElement[0];
+        String requestData = request.getReader().lines().collect(Collectors.joining());
+        GroupData groupData = JSONSerializer.fromJSON(requestData, GroupData.class);
+        GroupData group = groupServletBase.modifyGroup(groupId, groupData, request.getLocale());
+        PrintWriter out = response.getWriter();
+        out.println(group.toJSON());
+
+    }
+
+    @WebAction(method = HttpMethod.DELETE, paths = {"{}"})
+    public void removeGroup(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("GroupServletBase.removeGroup(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String groupId = pathElement[0];
+        groupServletBase.removeGroup(groupId, request.getLocale());
+        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+    }
+
+    @WebAction(method = HttpMethod.GET, paths = {"{}/members"})
+    public void findGroupMembers(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("GroupServletBase.findGroupMembers(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String groupId = pathElement[0];
+        String filter = request.getParameter("filter");
+        int size = request.getParameter("size") == null ?
+                PKIServlet.DEFAULT_SIZE : Integer.parseInt(request.getParameter("size"));
+        int start = request.getParameter("start") == null ? 0 : Integer.parseInt(request.getParameter("start"));
+        GroupMemberCollection groupMembers = groupServletBase.findGroupMembers(groupId, filter, start, size, request.getLocale());
+        PrintWriter out = response.getWriter();
+        out.println(groupMembers.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.POST, paths = {"{}/members"})
+    public void addGroupMember(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("GroupServletBase.addGroupMember(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String groupId = pathElement[0];
+        String requestData = request.getReader().lines().collect(Collectors.joining());
+        GroupMemberData groupMemberData = JSONSerializer.fromJSON(requestData, GroupMemberData.class);
+        GroupMemberData groupMember = groupServletBase.addGroupMember(groupId, groupMemberData, request.getLocale());
+        String encodedGroupMemberID = URLEncoder.encode(groupMember.getID(), "UTF-8");
+        StringBuffer uri = request.getRequestURL();
+        uri.append("/" + encodedGroupMemberID);
+        response.setStatus(HttpServletResponse.SC_CREATED);
+        response.setHeader("Location", uri.toString());
+        PrintWriter out = response.getWriter();
+        out.println(groupMember.toJSON());
+
+    }
+
+    @WebAction(method = HttpMethod.GET, paths = {"{}/members/{}"})
+    public void getGroupMember(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("GroupServletBase.getGroupMember(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String groupId = pathElement[0];
+        String memberId = pathElement[2];
+        GroupMemberData groupMember = groupServletBase.getGroupMember(groupId, memberId, request.getLocale());
+        PrintWriter out = response.getWriter();
+        out.println(groupMember.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.DELETE, paths = {"{}/members/{}"})
+    public void removeGroupMember(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("GroupServletBase.removeGroupMember(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String groupId = pathElement[0];
+        String memberId = pathElement[2];
+        groupServletBase.removeGroupMember(groupId, memberId, request.getLocale());
+        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+    }
+}
diff --git a/base/server/src/main/java/org/dogtagpki/server/rest/v2/UserServlet.java b/base/server/src/main/java/org/dogtagpki/server/rest/v2/UserServlet.java
index 32272007682..436ad8564c7 100644
--- a/base/server/src/main/java/org/dogtagpki/server/rest/v2/UserServlet.java
+++ b/base/server/src/main/java/org/dogtagpki/server/rest/v2/UserServlet.java
@@ -42,7 +42,7 @@ public void init() throws ServletException {
         userServletBase = new UserServletBase(getEngine());
     }
 
-    @WebAction(method = HttpMethod.GET, paths = { ""})
+    @WebAction(method = HttpMethod.GET, paths = {""})
     public void findUsers(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.findUsers(): session: {}", session.getId());
@@ -55,7 +55,7 @@ public void findUsers(HttpServletRequest request, HttpServletResponse response)
         out.println(users.toJSON());
     }
 
-    @WebAction(method = HttpMethod.POST, paths = { ""})
+    @WebAction(method = HttpMethod.POST, paths = {""})
     public void addUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.addUser(): session: {}", session.getId());
@@ -71,7 +71,7 @@ public void addUser(HttpServletRequest request, HttpServletResponse response) th
         out.println(user.toJSON());
     }
 
-    @WebAction(method = HttpMethod.GET, paths = { "{}"})
+    @WebAction(method = HttpMethod.GET, paths = {"{}"})
     public void getUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.getUser(): session: {}", session.getId());
@@ -83,7 +83,7 @@ public void getUser(HttpServletRequest request, HttpServletResponse response) th
 
     }
 
-    @WebAction(method = HttpMethod.PATCH, paths = { "{}"})
+    @WebAction(method = HttpMethod.PATCH, paths = {"{}"})
     public void modifyUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.modifyUser(): session: {}", session.getId());
@@ -96,7 +96,7 @@ public void modifyUser(HttpServletRequest request, HttpServletResponse response)
         out.println(user.toJSON());
     }
 
-    @WebAction(method = HttpMethod.DELETE, paths = { "{}"})
+    @WebAction(method = HttpMethod.DELETE, paths = {"{}"})
     public void removeUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.removeUser(): session: {}", session.getId());
@@ -106,7 +106,7 @@ public void removeUser(HttpServletRequest request, HttpServletResponse response)
         response.setStatus(HttpServletResponse.SC_NO_CONTENT);
     }
 
-    @WebAction(method = HttpMethod.GET, paths = { "{}/certs"})
+    @WebAction(method = HttpMethod.GET, paths = {"{}/certs"})
     public void findUserCerts(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.findUserCerts(): session: {}", session.getId());
@@ -120,7 +120,7 @@ public void findUserCerts(HttpServletRequest request, HttpServletResponse respon
         out.println(userCerts.toJSON());
     }
 
-    @WebAction(method = HttpMethod.POST, paths = { "{}/certs"})
+    @WebAction(method = HttpMethod.POST, paths = {"{}/certs"})
     public void addUserCert(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.addUserCert(): session: {}", session.getId());
@@ -141,7 +141,7 @@ public void addUserCert(HttpServletRequest request, HttpServletResponse response
         out.println(userCertData.toJSON());
     }
 
-    @WebAction(method = HttpMethod.GET, paths = { "{}/certs/{}"})
+    @WebAction(method = HttpMethod.GET, paths = {"{}/certs/{}"})
     public void getUserCert(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.getUserCert(): session: {}", session.getId());
@@ -153,7 +153,7 @@ public void getUserCert(HttpServletRequest request, HttpServletResponse response
         out.println(userCert.toJSON());
     }
 
-    @WebAction(method = HttpMethod.DELETE, paths = { "{}/certs/{}"})
+    @WebAction(method = HttpMethod.DELETE, paths = {"{}/certs/{}"})
     public void removeUserCert(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.removeUserCert(): session: {}", session.getId());
@@ -164,7 +164,7 @@ public void removeUserCert(HttpServletRequest request, HttpServletResponse respo
         response.setStatus(HttpServletResponse.SC_NO_CONTENT);
     }
 
-    @WebAction(method = HttpMethod.GET, paths = { "{}/memberships"})
+    @WebAction(method = HttpMethod.GET, paths = {"{}/memberships"})
     public void findUserMemberships(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.findUserMemberships(): session: {}", session.getId());
@@ -179,7 +179,7 @@ public void findUserMemberships(HttpServletRequest request, HttpServletResponse
         out.println(userMemberships.toJSON());
     }
 
-    @WebAction(method = HttpMethod.POST, paths = { "{}/memberships"})
+    @WebAction(method = HttpMethod.POST, paths = {"{}/memberships"})
     public void addUserMembership(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.addUserMembership(): session: {}", session.getId());
@@ -196,7 +196,7 @@ public void addUserMembership(HttpServletRequest request, HttpServletResponse re
         out.println(userMembership.toJSON());
     }
 
-    @WebAction(method = HttpMethod.DELETE, paths = { "{}/memberships/{}"})
+    @WebAction(method = HttpMethod.DELETE, paths = {"{}/memberships/{}"})
     public void removeUserMembership(HttpServletRequest request, HttpServletResponse response) throws Exception {
         HttpSession session = request.getSession();
         logger.debug("UserServlet.removeUserMembership(): session: {}", session.getId());
diff --git a/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/GroupACL.java b/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/GroupACL.java
new file mode 100644
index 00000000000..f0bc0e7ec22
--- /dev/null
+++ b/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/GroupACL.java
@@ -0,0 +1,17 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.rest.v2.filters;
+
+import javax.servlet.ServletException;
+
+public class GroupACL extends ACLFilter {
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void init() throws ServletException {
+        setAcl("groups");
+    }
+}
diff --git a/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/GroupAuthMethod.java b/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/GroupAuthMethod.java
new file mode 100644
index 00000000000..8de7be3c2d4
--- /dev/null
+++ b/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/GroupAuthMethod.java
@@ -0,0 +1,17 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.rest.v2.filters;
+
+import javax.servlet.ServletException;
+
+public class GroupAuthMethod extends AuthMethodFilter {
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void init() throws ServletException {
+        setAuthMethod("groups");
+    }
+}
diff --git a/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/UserACL.java b/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/UserACL.java
index cac4daedbde..77c4d2ac9fb 100644
--- a/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/UserACL.java
+++ b/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/UserACL.java
@@ -14,5 +14,4 @@ public class UserACL extends ACLFilter {
     public void init() throws ServletException {
         setAcl("users");
     }
-
 }
diff --git a/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/UserAuthMethod.java b/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/UserAuthMethod.java
index 1804eddc226..579c39e669c 100644
--- a/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/UserAuthMethod.java
+++ b/base/server/src/main/java/org/dogtagpki/server/rest/v2/filters/UserAuthMethod.java
@@ -14,5 +14,4 @@ public class UserAuthMethod extends AuthMethodFilter {
     public void init() throws ServletException {
         setAuthMethod("users");
     }
-
 }
diff --git a/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TKSGroupServlet.java b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TKSGroupServlet.java
new file mode 100644
index 00000000000..672bb650ea4
--- /dev/null
+++ b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TKSGroupServlet.java
@@ -0,0 +1,20 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.tks.rest.v2;
+
+import javax.servlet.annotation.WebServlet;
+
+import org.dogtagpki.server.rest.v2.GroupServlet;
+
+/**
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
+ */
+@WebServlet(
+        name = "tksGroup",
+        urlPatterns = "/v2/admin/groups/*")
+public class TKSGroupServlet extends GroupServlet {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TKSGroupACL.java b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TKSGroupACL.java
new file mode 100644
index 00000000000..5f60eddcb91
--- /dev/null
+++ b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TKSGroupACL.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.tks.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupACL;
+
+@WebFilter(servletNames = "tksGroup")
+public class TKSGroupACL extends GroupACL {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TKSGroupAuthMethod.java b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TKSGroupAuthMethod.java
new file mode 100644
index 00000000000..b0b25582334
--- /dev/null
+++ b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TKSGroupAuthMethod.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.tks.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupAuthMethod;
+
+@WebFilter(servletNames = "tksGroup")
+public class TKSGroupAuthMethod extends GroupAuthMethod {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/TPSGroupServlet.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/TPSGroupServlet.java
new file mode 100644
index 00000000000..d42bf2e45e4
--- /dev/null
+++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/TPSGroupServlet.java
@@ -0,0 +1,20 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.tps.rest.v2;
+
+import javax.servlet.annotation.WebServlet;
+
+import org.dogtagpki.server.rest.v2.GroupServlet;
+
+/**
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
+ */
+@WebServlet(
+        name = "tpsGroup",
+        urlPatterns = "/v2/admin/groups/*")
+public class TPSGroupServlet extends GroupServlet {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSGroupACL.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSGroupACL.java
new file mode 100644
index 00000000000..ffade7c28fb
--- /dev/null
+++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSGroupACL.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.tps.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupACL;
+
+@WebFilter(servletNames = "tpsGroup")
+public class TPSGroupACL extends GroupACL {
+    private static final long serialVersionUID = 1L;
+}
diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSGroupAuthMethod.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSGroupAuthMethod.java
new file mode 100644
index 00000000000..d14f2d9433a
--- /dev/null
+++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSGroupAuthMethod.java
@@ -0,0 +1,10 @@
+package org.dogtagpki.server.tps.rest.v2.filters;
+
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.GroupAuthMethod;
+
+@WebFilter(servletNames = "tpsGroup")
+public class TPSGroupAuthMethod extends GroupAuthMethod {
+    private static final long serialVersionUID = 1L;
+}