diff --git a/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/core/v0/BaseAPI.java b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/core/v0/BaseAPI.java
index 2601bd3db6..941759cda1 100644
--- a/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/core/v0/BaseAPI.java
+++ b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/core/v0/BaseAPI.java
@@ -310,6 +310,78 @@ public abstract class BaseAPI
         }
     }
 
+    /**
+     * Helper method for PUT requests
+     *
+     * @param adminUser user with administrative privileges
+     * @param adminPassword password for adminUser
+     * @param expectedStatusCode The expected return status code.
+     * @param requestParams zero or more endpoint specific request parameters
+     * @param urlTemplate request URL template
+     * @param urlTemplateParams zero or more parameters used with <i>urlTemplate</i>
+     */
+    protected HttpResponse doPutJsonRequest(String adminUser,
+                String adminPassword,
+                int expectedStatusCode,
+                JSONObject requestParams,
+                String urlTemplate,
+                String... urlTemplateParams)
+    {
+        AlfrescoHttpClient client = alfrescoHttpClientFactory.getObject();
+        return doPutJsonRequest(adminUser, adminPassword, expectedStatusCode, client.getApiUrl(), requestParams, urlTemplate, urlTemplateParams);
+    }
+
+    /**
+     * Helper method for PUT requests
+     *
+     * @param adminUser user with administrative privileges
+     * @param adminPassword password for adminUser
+     * @param expectedStatusCode The expected return status code.
+     * @param urlStart the start of the URL (for example "alfresco/s/slingshot").
+     * @param requestParams zero or more endpoint specific request parameters
+     * @param urlTemplate request URL template
+     * @param urlTemplateParams zero or more parameters used with <i>urlTemplate</i>
+     * @throws AssertionError if the returned status code is not as expected.
+     */
+    private HttpResponse doPutJsonRequest(String adminUser,
+                String adminPassword,
+                int expectedStatusCode,
+                String urlStart,
+                JSONObject requestParams,
+                String urlTemplate,
+                String... urlTemplateParams)
+    {
+        String requestUrl = formatRequestUrl(urlStart, urlTemplate, urlTemplateParams);
+        try
+        {
+            HttpResponse httpResponse = doRequestJson(HttpPut.class, requestUrl, adminUser, adminPassword, requestParams);
+            assertEquals("PUT request to " + requestUrl + " was not successful.", httpResponse.getStatusLine().getStatusCode(), expectedStatusCode);
+            return httpResponse;
+        }
+        catch (InstantiationException | IllegalAccessException error)
+        {
+            throw new IllegalArgumentException("doPutRequest failed", error);
+        }
+    }
+
+    /**
+     * Fill in the parameters for a URL template.
+     *
+     * @param urlStart The start of the URL.
+     * @param urlTemplate The template.
+     * @param urlTemplateParams Any parameters that need to be filled into the URL template.
+     * @return The resultant URL.
+     */
+    private String formatRequestUrl(String urlStart, String urlTemplate, String[] urlTemplateParams)
+    {
+        if (urlTemplateParams.length == 1)
+        {
+            // The format method needs some help to know not to use the whole array object.
+            return MessageFormat.format(urlTemplate, urlStart, urlTemplateParams[0]);
+        }
+        return MessageFormat.format(urlTemplate, urlStart, urlTemplateParams);
+    }
+
     /**
      * Helper method for POST requests
      * @param adminUser user with administrative privileges
@@ -403,11 +475,8 @@ public abstract class BaseAPI
                 String urlTemplate,
                 String... urlTemplateParams)
     {
-        // Ensure the host is part of the request URL.
-        String requestUrl = MessageFormat.format(
-                    urlTemplate,
-                    urlStart,
-                    urlTemplateParams);
+        String requestUrl;
+        requestUrl = formatRequestUrl(urlStart, urlTemplate, urlTemplateParams);
         try
         {
             HttpResponse httpResponse = doRequestJson(HttpPost.class, requestUrl, adminUser, adminPassword, requestParams);
diff --git a/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/model/user/UserRoles.java b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/model/user/UserRoles.java
index 3fc30071cd..a20eb8fc79 100644
--- a/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/model/user/UserRoles.java
+++ b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/model/user/UserRoles.java
@@ -24,11 +24,16 @@
  * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
  * #L%
  */
+
 package org.alfresco.rest.rm.community.model.user;
 
+import static com.google.common.collect.Sets.newHashSet;
+
+import java.util.Set;
+
 /**
  * Constants for RM user roles
- * 
+ *
  * @author Kristijan Conkas
  * @since 2.6
  */
@@ -39,4 +44,8 @@ public class UserRoles
     public static final String ROLE_RM_POWER_USER = "PowerUser";
     public static final String ROLE_RM_SECURITY_OFFICER = "SecurityOfficer";
     public static final String ROLE_RM_USER = "User";
+
+    /** The ids of the default RM roles. */
+    public static final Set<String> RM_ROLES = newHashSet(ROLE_RM_ADMIN, ROLE_RM_MANAGER, ROLE_RM_POWER_USER,
+                ROLE_RM_SECURITY_OFFICER, ROLE_RM_USER);
 }
diff --git a/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/v0/RMRolesAndActionsAPI.java b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/v0/RMRolesAndActionsAPI.java
index d0580c90b3..382426a893 100644
--- a/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/v0/RMRolesAndActionsAPI.java
+++ b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/v0/RMRolesAndActionsAPI.java
@@ -39,6 +39,7 @@ import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.Arrays;
 import java.util.Map;
+import java.util.Set;
 
 import org.alfresco.dataprep.AlfrescoHttpClient;
 import org.alfresco.dataprep.AlfrescoHttpClientFactory;
@@ -70,6 +71,10 @@ import org.springframework.stereotype.Component;
 @Component
 public class RMRolesAndActionsAPI extends BaseAPI
 {
+    /** The URI to view the configured roles and capabilities. */
+    private static final String RM_ROLES = "{0}rma/admin/rmroles";
+    /** The URI for REST requests about a particular configured role. */
+    private static final String RM_ROLES_ROLE = RM_ROLES + "/{1}";
     private static final String RM_ROLES_AUTHORITIES = "{0}rm/roles/{1}/authorities/{2}?alf_ticket={3}";
 
     // logger
@@ -88,6 +93,75 @@ public class RMRolesAndActionsAPI extends BaseAPI
     @Autowired
     private ContentService contentService;
 
+    /**
+     * Get all the configured RM roles.
+     *
+     * @param adminUser The RM admin user.
+     * @param adminPassword The password of the user.
+     * @return The RM roles in the system (Note that this will be the internal names, not the display labels).
+     */
+    public Set<String> getConfiguredRoles(String adminUser, String adminPassword)
+    {
+        // Using "is=true" includes the in-place readers and writers.
+        JSONObject jsonObject = doGetRequest(adminUser, adminPassword, RM_ROLES + "?is=true").getJSONObject("data");
+        return jsonObject.toMap().keySet();
+    }
+
+    /**
+     * Get the capabilities for a given role.
+     *
+     * @param adminUser The RM admin user.
+     * @param adminPassword The password of the user.
+     * @param role The role to get capabilities for.
+     * @return The set of system names for the capabilities.
+     */
+    public Set<String> getCapabilitiesForRole(String adminUser, String adminPassword, String role)
+    {
+        JSONObject jsonObject = doGetRequest(adminUser, adminPassword, RM_ROLES).getJSONObject("data");
+        assertTrue("Could not find role '" + role + "' in " + jsonObject.keySet(), jsonObject.has(role));
+        return jsonObject.getJSONObject(role).getJSONObject("capabilities").keySet();
+    }
+
+    /**
+     * Create a new RM role.
+     *
+     * @param adminUser The username of the admin user.
+     * @param adminPassword The password for the admin user.
+     * @param roleName The name of the new role.
+     * @param roleDisplayLabel A human-readable label for the role.
+     * @param capabilities A list of capabilities for the role.
+     */
+    public void createRole(String adminUser, String adminPassword, String roleName, String roleDisplayLabel, Set<String> capabilities)
+    {
+        JSONObject requestBody = new JSONObject();
+        requestBody.put("name", roleName);
+        requestBody.put("displayLabel", roleDisplayLabel);
+        JSONArray capabilitiesArray = new JSONArray();
+        capabilities.forEach(capabilitiesArray::put);
+        requestBody.put("capabilities", capabilitiesArray);
+        doPostJsonRequest(adminUser, adminPassword, HttpStatus.SC_OK, requestBody, RM_ROLES);
+    }
+
+    /**
+     * Update an existing RM role.
+     *
+     * @param adminUser The username of the admin user.
+     * @param adminPassword The password for the admin user.
+     * @param roleName The name of the new role.
+     * @param roleDisplayLabel A human-readable label for the role.
+     * @param capabilities A list of capabilities for the role.
+     */
+    public void updateRole(String adminUser, String adminPassword, String roleName, String roleDisplayLabel, Set<String> capabilities)
+    {
+        JSONObject requestBody = new JSONObject();
+        requestBody.put("name", roleName);
+        requestBody.put("displayLabel", roleDisplayLabel);
+        JSONArray capabilitiesArray = new JSONArray();
+        capabilities.forEach(capabilitiesArray::put);
+        requestBody.put("capabilities", capabilitiesArray);
+        doPutJsonRequest(adminUser, adminPassword, HttpStatus.SC_OK, requestBody, RM_ROLES_ROLE, roleName);
+    }
+
     /**
      * create user and assign to records management role
      */
diff --git a/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/rmroles/RMRolesTests.java b/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/rmroles/RMRolesTests.java
new file mode 100644
index 0000000000..daef946a79
--- /dev/null
+++ b/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/rmroles/RMRolesTests.java
@@ -0,0 +1,114 @@
+/*
+ * #%L
+ * Alfresco Records Management Module
+ * %%
+ * Copyright (C) 2005 - 2018 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * -
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ * -
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * -
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ * -
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.rest.rm.community.rmroles;
+
+import static java.util.Collections.singleton;
+
+import static com.google.common.collect.Sets.newHashSet;
+
+import static org.alfresco.rest.rm.community.model.user.UserRoles.RM_ROLES;
+import static org.alfresco.rest.rm.community.model.user.UserRoles.ROLE_RM_USER;
+import static org.alfresco.rest.rm.community.util.CommonTestUtils.generateTestPrefix;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Set;
+
+import org.alfresco.rest.rm.community.base.BaseRMRestTest;
+import org.alfresco.rest.v0.RMRolesAndActionsAPI;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.testng.annotations.Test;
+
+/**
+ * API tests of RM roles.
+ *
+ * @author Tom Page
+ * @since 2.7
+ */
+public class RMRolesTests extends BaseRMRestTest
+{
+    /** The id of the view records capability. */
+    public static final String VIEW_RECORDS_CAP = "ViewRecords";
+    /** The id of the declare records capability. */
+    public static final String DECLARE_RECORDS_CAP = "DeclareRecords";
+    /** A list of capabilities. */
+    private static final java.util.HashSet<String> CAPABILITIES = newHashSet(VIEW_RECORDS_CAP, DECLARE_RECORDS_CAP);
+    /** The API for managing RM roles and capabilities. */
+    @Autowired
+    private RMRolesAndActionsAPI rmRolesAndActionsAPI;
+
+    /** Check that the roles API returns the default RM roles. */
+    @Test(description = "Check the default RM roles exist.")
+    public void checkRMRolesExist()
+    {
+        Set<String> configuredRoles = rmRolesAndActionsAPI
+                    .getConfiguredRoles(getAdminUser().getUsername(), getAdminUser().getPassword());
+        RM_ROLES.forEach(role -> assertTrue("Could not found role " + role, configuredRoles.contains(role)));
+    }
+
+    /** Check that the RM user has the capability to view and declare records. */
+    @Test(description = "Check the capabilities for the RM user.")
+    public void checkCapabilitiesForUser()
+    {
+        Set<String> capabilities = rmRolesAndActionsAPI
+                    .getCapabilitiesForRole(getAdminUser().getUsername(), getAdminUser().getPassword(), ROLE_RM_USER);
+        assertEquals("Unexpected capabilities found for RM User.", capabilities, CAPABILITIES);
+    }
+
+    /** Check that a new role can be created and retrieved. */
+    @Test(description = "Create a new role.")
+    public void createNewRole()
+    {
+        String roleName = generateTestPrefix(RMRolesTests.class) + "newName";
+
+        // Call the endpoint under test.
+        rmRolesAndActionsAPI.createRole(getAdminUser().getUsername(), getAdminUser().getPassword(), roleName,
+                    "New Role Label", CAPABILITIES);
+
+        Set<String> actualCapabilities = rmRolesAndActionsAPI
+                    .getCapabilitiesForRole(getAdminUser().getUsername(), getAdminUser().getPassword(), roleName);
+        assertEquals("Unexpected capabilities found for RM User.", actualCapabilities, CAPABILITIES);
+    }
+
+    /** Check that a role can be edited. */
+    @Test(description = "Update a role.")
+    public void updateRole()
+    {
+        String roleName = generateTestPrefix(RMRolesTests.class) + "Name";
+        rmRolesAndActionsAPI.createRole(getAdminUser().getUsername(), getAdminUser().getPassword(), roleName, "Label",
+                    singleton(VIEW_RECORDS_CAP));
+
+        // Call the endpoint under test.
+        rmRolesAndActionsAPI.updateRole(getAdminUser().getUsername(), getAdminUser().getPassword(), roleName,
+                    "Updated Label", singleton(DECLARE_RECORDS_CAP));
+
+        Set<String> actualCapabilities = rmRolesAndActionsAPI
+                    .getCapabilitiesForRole(getAdminUser().getUsername(), getAdminUser().getPassword(), roleName);
+        assertEquals("Unexpected capabilities for edited RM User.", actualCapabilities, singleton(DECLARE_RECORDS_CAP));
+    }
+}