From 7a25f4a5c4523a09c826205c580a6257c106d11d Mon Sep 17 00:00:00 2001
From: kriks7iitk <kriks.iitk@gmail.com>
Date: Wed, 10 Jul 2024 13:48:26 +0530
Subject: [PATCH 1/2] Merge group revamp

---
 .vscode/settings.json                         |   3 +-
 .../cypress/constants/texts/manageGroups.js   |   2 +-
 frontend/assets/translations/en.json          |   3 +-
 .../ee/components/UsersPage/UsersTable.jsx    |  81 +-
 frontend/src/App/App.jsx                      |   4 +-
 frontend/src/Editor/Editor.jsx                |   7 +-
 frontend/src/Editor/Viewer.jsx                |  14 +-
 frontend/src/HomePage/HomePage.jsx            |  27 +-
 .../AddEditResourcePermissionsModal.jsx       | 145 +++
 .../AppPermissionActionContainer.jsx          |  67 ++
 .../AddResourcePermissionsMenu.jsx            |  61 ++
 .../AppResourcePermission.jsx                 | 151 +++
 frontend/src/ManageGranularAccess/index.jsx   | 535 ++++++++++
 .../ChangeRoleModal.jsx                       |  75 ++
 .../constant.js                               |  70 ++
 .../grpPermissionResc.theme.scss              | 146 +++
 .../index.jsx                                 | 998 ++++++++++++++++++
 .../ManageGroupPermissions.jsx                |   2 +-
 .../ErrorModal/ErrorModal.jsx                 |  55 +
 .../ManageGroupPermissionsV2.jsx              | 788 ++++++++++++++
 .../ManageGroupPermissionsV2/ResourceChip.jsx | 103 ++
 .../groupPermissions.theme.scss               | 458 ++++++++
 .../ManageOrgConstants/ManageOrgConstants.jsx |  15 +-
 .../src/ManageOrgUsers/InviteUsersForm.jsx    | 113 +-
 .../src/ManageOrgUsers/ManageOrgUsers.jsx     |  55 +-
 .../ManageOrgUsers/ManageOrgUsersDrawer.jsx   |  30 +-
 .../src/ManageOrgUsers/UserGroupsSelect.jsx   |  42 +-
 frontend/src/ManageOrgVars/ManageOrgVars.jsx  |   5 +-
 .../src/TooljetDatabase/Forms/styles.scss     |   2 +-
 frontend/src/WorkspaceConstants/index.jsx     |   5 +-
 frontend/src/_components/LogoNavDropdown.jsx  |  21 +-
 frontend/src/_components/MultiSelectUser.jsx  |  13 +-
 .../OrganizationLogin/OrganizationLogin.jsx   |   2 +-
 frontend/src/_components/SearchBox.jsx        |  12 +
 frontend/src/_helpers/utils.js                |   6 +-
 .../src/_services/authentication.service.js   |   2 +
 .../_services/groupPermission.v2.service.js   | 190 ++++
 frontend/src/_services/index.js               |   1 +
 frontend/src/_styles/groups-permissions.scss  | 146 +++
 frontend/src/_styles/theme.scss               | 154 ++-
 .../src/_styles/widgets/multi-select.scss     |   4 +
 frontend/src/_ui/AppButton/AppButton.scss     |   2 +-
 .../_ui/Icon/solidIcons/GranularAccess.jsx    |  19 +
 frontend/src/_ui/Icon/solidIcons/UserGear.jsx |  19 +
 .../src/_ui/Icon/solidIcons/UserGroups.jsx    |  39 +
 frontend/src/_ui/Icon/solidIcons/index.js     |   6 +
 frontend/src/_ui/Layout/index.jsx             |   5 +-
 frontend/src/_ui/Modal/AppsSelect.jsx         | 204 ++++
 frontend/src/_ui/Modal/appSelect.theme.scss   | 228 ++++
 frontend/src/_ui/Modal/index.jsx              |  32 +-
 package.json                                  |   6 +
 server/ee/services/oauth/oauth.service.ts     |  11 +-
 .../1714015513342-AddGroupPermissionsTable.ts |  37 +
 .../1714015541245-AddGroupUsersTable.ts       |  25 +
 ...14015564318-AddGranularPermissionsTable.ts |  32 +
 ...4015596201-AddAppsGroupPermissionsTable.ts |  28 +
 .../1714015615904-AddGroupAppsTable.ts        |  23 +
 ...0-CreateDefaultGroupInExistingWorkspace.ts | 149 +++
 ...sersToRespectiveRolesBuilderAndEndUsers.ts | 124 +++
 ...737529-MigrateCustomGroupToNewUserGroup.ts | 213 ++++
 ...-DropGroupPermissionsOlderRelatedTables.ts |   9 +
 server/src/app.module.ts                      |   6 +-
 server/src/constants/global.constant.ts       |  96 ++
 server/src/controllers/app.controller.ts      |   1 +
 .../app_environments.controller.ts            |   2 +
 .../app_import_export.controller.ts           |   5 +-
 server/src/controllers/apps.controller.ts     |  43 +-
 server/src/controllers/apps.controller.v2.ts  |  39 +-
 server/src/controllers/comment.controller.ts  |  11 +-
 server/src/controllers/folders.controller.ts  |  13 +-
 .../global_data_sources.controller.ts         |   9 +-
 .../group_permissions.controller.ts           | 118 ---
 .../group_permissions.controller.v2.ts        | 214 ++++
 .../import_export_resources.controller.ts     |   7 +-
 .../controllers/library_apps.controller.ts    |   3 +-
 .../organization_users.controller.ts          |  21 +-
 .../controllers/organizations.controller.ts   |   9 +-
 server/src/controllers/plugins.controller.ts  |   7 +-
 server/src/controllers/thread.controller.ts   |  11 +-
 server/src/dto/granular-permissions.dto.ts    |  58 +
 server/src/dto/group_permissions.dto.ts       |  81 ++
 server/src/dto/invite-new-user.dto.ts         |   7 +-
 server/src/entities/app.entity.ts             |   8 +-
 server/src/entities/app_base.entity.ts        |   2 +
 .../entities/apps_group_permissions.entity.ts |  46 +
 .../entities/granular_permissions.entity.ts   |  47 +
 server/src/entities/group_apps.entity.ts      |  38 +
 .../src/entities/group_permissions.entity.ts  |  65 ++
 server/src/entities/group_users.entity.ts     |  38 +
 server/src/entities/organization.entity.ts    |   7 +-
 server/src/entities/user.entity.ts            |  21 +-
 .../helpers/db-utility/db-search.helper.ts    |  16 +
 .../db-utility/db-utility.interface.ts        |   8 +
 .../src/helpers/db_constraints.constants.ts   |   3 +
 server/src/helpers/queries.ts                 | 105 +-
 server/src/modules/apps/apps.module.ts        |   8 +-
 server/src/modules/auth/auth.module.ts        |  10 +-
 .../casl/abilities/apps-ability.factory.ts    | 121 ++-
 .../abilities/comments-ability.factory.ts     |  37 +-
 .../abilities/data-queries-ability.factory.ts |  54 +
 .../casl/abilities/folders-ability.factory.ts |  26 +-
 .../global-datasource-ability.factory.ts      |  33 +-
 ...g-environment-variables-ability.factory.ts |  14 +-
 .../organization-constants-ability.factory.ts |  28 +-
 .../casl/abilities/plugins-ability.factory.ts |  22 +-
 .../casl/abilities/threads-ability.factory.ts |  42 +-
 .../abilities/tooljet-db-ability.factory.ts   |  12 +-
 .../src/modules/casl/casl-ability.factory.ts  |  41 +-
 server/src/modules/casl/casl.module.ts        |  16 +-
 .../data_queries/data_queries.module.ts       |   6 +-
 .../data_sources/data_sources.module.ts       |   6 +-
 server/src/modules/folders/folders.module.ts  |   7 +-
 .../group_permissions.module.ts               |  34 -
 .../org_environment_variables.module.ts       |   6 +-
 .../organization_constants.module.ts          |   6 +-
 .../organizations/constant/constants.ts       |   7 +
 .../organizations/organizations.module.ts     |  10 +-
 .../constants/permissions-ability.constant.ts |  33 +
 .../permissions-ability.interface.ts          |  48 +
 .../modules/permissions/permissions.module.ts |   9 +
 .../utility/permission-ability.utility.ts     |  73 ++
 server/src/modules/seeds/seeds.module.ts      |   2 +
 .../granular-permissions.constant.ts          |  45 +
 .../constants/group-permissions.constant.ts   | 127 +++
 .../granular-permissions.interface.ts         |  67 ++
 .../interface/group-permissions.interface.ts  |  43 +
 .../group-permissions.utility.service.ts      | 228 ++++
 .../user_resource_permissions.module.ts       |  15 +
 .../utility/granular-permissios.utility.ts    |  75 ++
 .../utility/group-permissions.utility.ts      | 217 ++++
 server/src/modules/users/users.module.ts      |   7 +-
 .../src/services/app_import_export.service.ts |  28 -
 server/src/services/apps.service.ts           |  90 +-
 server/src/services/auth.service.ts           |  48 +-
 server/src/services/folders.service.ts        | 184 ++--
 .../services/granular_permissions.service.ts  | 254 +++++
 .../src/services/group_permissions.service.ts | 516 ---------
 .../services/group_permissions.service.v2.ts  | 278 +++++
 server/src/services/metadata.service.ts       |  26 +-
 .../services/organization_users.service.ts    |  31 +-
 server/src/services/organizations.service.ts  | 151 ++-
 .../services/permissions-ability.service.ts   |  90 ++
 server/src/services/seeds.service.ts          |  56 +-
 server/src/services/user-role.service.ts      | 148 +++
 server/src/services/users.service.ts          | 366 ++-----
 server/tsconfig.json                          |   4 +-
 146 files changed, 8896 insertions(+), 1898 deletions(-)
 create mode 100644 frontend/src/ManageGranularAccess/AddEditResourceModal/AddEditResourcePermissionsModal.jsx
 create mode 100644 frontend/src/ManageGranularAccess/AddEditResourceModal/AppPermissionActionContainer.jsx
 create mode 100644 frontend/src/ManageGranularAccess/AddResourcePermissionsMenu.jsx
 create mode 100644 frontend/src/ManageGranularAccess/AppResourcePermission.jsx
 create mode 100644 frontend/src/ManageGranularAccess/index.jsx
 create mode 100644 frontend/src/ManageGroupPermissionResourcesV2/ChangeRoleModal.jsx
 create mode 100644 frontend/src/ManageGroupPermissionResourcesV2/constant.js
 create mode 100644 frontend/src/ManageGroupPermissionResourcesV2/grpPermissionResc.theme.scss
 create mode 100644 frontend/src/ManageGroupPermissionResourcesV2/index.jsx
 create mode 100644 frontend/src/ManageGroupPermissionsV2/ErrorModal/ErrorModal.jsx
 create mode 100644 frontend/src/ManageGroupPermissionsV2/ManageGroupPermissionsV2.jsx
 create mode 100644 frontend/src/ManageGroupPermissionsV2/ResourceChip.jsx
 create mode 100644 frontend/src/ManageGroupPermissionsV2/groupPermissions.theme.scss
 create mode 100644 frontend/src/_services/groupPermission.v2.service.js
 create mode 100644 frontend/src/_styles/groups-permissions.scss
 create mode 100644 frontend/src/_ui/Icon/solidIcons/GranularAccess.jsx
 create mode 100644 frontend/src/_ui/Icon/solidIcons/UserGear.jsx
 create mode 100644 frontend/src/_ui/Icon/solidIcons/UserGroups.jsx
 create mode 100644 frontend/src/_ui/Modal/AppsSelect.jsx
 create mode 100644 frontend/src/_ui/Modal/appSelect.theme.scss
 create mode 100644 server/migrations/1714015513342-AddGroupPermissionsTable.ts
 create mode 100644 server/migrations/1714015541245-AddGroupUsersTable.ts
 create mode 100644 server/migrations/1714015564318-AddGranularPermissionsTable.ts
 create mode 100644 server/migrations/1714015596201-AddAppsGroupPermissionsTable.ts
 create mode 100644 server/migrations/1714015615904-AddGroupAppsTable.ts
 create mode 100644 server/migrations/1720352990850-CreateDefaultGroupInExistingWorkspace.ts
 create mode 100644 server/migrations/1720365772516-AddingUsersToRespectiveRolesBuilderAndEndUsers.ts
 create mode 100644 server/migrations/1720434737529-MigrateCustomGroupToNewUserGroup.ts
 create mode 100644 server/migrations/1720513124281-DropGroupPermissionsOlderRelatedTables.ts
 create mode 100644 server/src/constants/global.constant.ts
 delete mode 100644 server/src/controllers/group_permissions.controller.ts
 create mode 100644 server/src/controllers/group_permissions.controller.v2.ts
 create mode 100644 server/src/dto/granular-permissions.dto.ts
 create mode 100644 server/src/dto/group_permissions.dto.ts
 create mode 100644 server/src/entities/apps_group_permissions.entity.ts
 create mode 100644 server/src/entities/granular_permissions.entity.ts
 create mode 100644 server/src/entities/group_apps.entity.ts
 create mode 100644 server/src/entities/group_permissions.entity.ts
 create mode 100644 server/src/entities/group_users.entity.ts
 create mode 100644 server/src/helpers/db-utility/db-search.helper.ts
 create mode 100644 server/src/helpers/db-utility/db-utility.interface.ts
 create mode 100644 server/src/modules/casl/abilities/data-queries-ability.factory.ts
 delete mode 100644 server/src/modules/group_permissions/group_permissions.module.ts
 create mode 100644 server/src/modules/organizations/constant/constants.ts
 create mode 100644 server/src/modules/permissions/constants/permissions-ability.constant.ts
 create mode 100644 server/src/modules/permissions/interface/permissions-ability.interface.ts
 create mode 100644 server/src/modules/permissions/permissions.module.ts
 create mode 100644 server/src/modules/permissions/utility/permission-ability.utility.ts
 create mode 100644 server/src/modules/user_resource_permissions/constants/granular-permissions.constant.ts
 create mode 100644 server/src/modules/user_resource_permissions/constants/group-permissions.constant.ts
 create mode 100644 server/src/modules/user_resource_permissions/interface/granular-permissions.interface.ts
 create mode 100644 server/src/modules/user_resource_permissions/interface/group-permissions.interface.ts
 create mode 100644 server/src/modules/user_resource_permissions/services/group-permissions.utility.service.ts
 create mode 100644 server/src/modules/user_resource_permissions/user_resource_permissions.module.ts
 create mode 100644 server/src/modules/user_resource_permissions/utility/granular-permissios.utility.ts
 create mode 100644 server/src/modules/user_resource_permissions/utility/group-permissions.utility.ts
 create mode 100644 server/src/services/granular_permissions.service.ts
 delete mode 100644 server/src/services/group_permissions.service.ts
 create mode 100644 server/src/services/group_permissions.service.v2.ts
 create mode 100644 server/src/services/permissions-ability.service.ts
 create mode 100644 server/src/services/user-role.service.ts

diff --git a/.vscode/settings.json b/.vscode/settings.json
index 24a4397851..35cab5fefc 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -23,5 +23,6 @@
             ],
             "url": "https://raw.githubusercontent.com/ToolJet/ToolJet/develop/plugins/schemas/manifest.schema.json"
         }
-    ]
+    ],
+    "CodeGPT.apiKey": "CodeGPT Plus Beta"
 }
\ No newline at end of file
diff --git a/cypress-tests/cypress/constants/texts/manageGroups.js b/cypress-tests/cypress/constants/texts/manageGroups.js
index 2f41ac7648..d608c96cdf 100644
--- a/cypress-tests/cypress/constants/texts/manageGroups.js
+++ b/cypress-tests/cypress/constants/texts/manageGroups.js
@@ -4,7 +4,7 @@ export const groupsText = {
   tableHeader: "Name",
   allUsers: "All users",
   admin: "Admin",
-  cardTitle: "Add new group",
+  cardTitle: "Create new group",
   cancelButton: "Cancel",
   createGroupButton: "Create Group",
   groupNameExistToast: "Group name already exist",
diff --git a/frontend/assets/translations/en.json b/frontend/assets/translations/en.json
index 4ea8ea391a..2536e1f576 100644
--- a/frontend/assets/translations/en.json
+++ b/frontend/assets/translations/en.json
@@ -9,6 +9,7 @@
         "search": "Search",
         "update": "Update",
         "delete": "Delete",
+        "remove":"Remove",
         "add": "Add",
         "view": "View",
         "create": "Create",
@@ -269,7 +270,7 @@
                         "userGroups": "User Groups",
                         "createNewGroup": "Create new group",
                         "updateGroup": "Update group",
-                        "addNewGroup": "Add new group",
+                        "addNewGroup": "Create new group",
                         "enterName": "Enter group name",
                         "createGroup": "Create Group",
                         "name": "Name"
diff --git a/frontend/ee/components/UsersPage/UsersTable.jsx b/frontend/ee/components/UsersPage/UsersTable.jsx
index 64fff66932..10ebff63a8 100644
--- a/frontend/ee/components/UsersPage/UsersTable.jsx
+++ b/frontend/ee/components/UsersPage/UsersTable.jsx
@@ -8,6 +8,7 @@ import SolidIcon from '@/_ui/Icon/SolidIcons';
 import { Tooltip } from 'react-tooltip';
 import UsersActionMenu from './UsersActionMenu';
 import { humanizeifDefaultGroupName, decodeEntities } from '@/_helpers/utils';
+import { ToolTip } from '@/_components/ToolTip';
 
 const UsersTable = ({
   isLoading,
@@ -34,10 +35,10 @@ const UsersTable = ({
                 <th data-cy="users-table-name-column-header">
                   {translator('header.organization.menus.manageUsers.name', 'Name')}
                 </th>
-                <th data-cy="users-table-email-column-header">
-                  {translator('header.organization.menus.manageUsers.email', 'Email')}
+                <th data-cy="users-table-groups-column-header" data-name="role-header">
+                  User role
                 </th>
-                <th data-cy="users-table-groups-column-header">Groups</th>
+                <th data-cy="users-table-groups-column-header">Custom groups</th>
                 {users && users[0]?.status ? (
                   <th data-cy="users-table-status-column-header">
                     {translator('header.organization.menus.manageUsers.status', 'Status')}
@@ -90,22 +91,20 @@ const UsersTable = ({
                             user.last_name ? user.last_name[0] : ''
                           }`}
                         />
-                        <span
-                          className="mx-3 tj-text tj-text-sm"
-                          data-cy={`${user.name.toLowerCase().replace(/\s+/g, '-')}-user-name`}
-                        >
-                          {decodeEntities(user.name)}
-                        </span>
+                        <div className="user-detail">
+                          <span
+                            className="mx-3 tj-text tj-text-sm"
+                            data-cy={`${user.name.toLowerCase().replace(/\s+/g, '-')}-user-name`}
+                          >
+                            {decodeEntities(user.name)}
+                          </span>
+                          <span style={{ color: '#687076' }} className="user-email mx-3  tj-text-xsm">
+                            {user.email}
+                          </span>
+                        </div>
                       </td>
-                      <td className="text-muted">
-                        <a
-                          className="text-reset user-email tj-text-sm"
-                          data-cy={`${user.name.toLowerCase().replace(/\s+/g, '-')}-user-email`}
-                        >
-                          {user.email}
-                        </a>
-                      </td>
-                      <GroupChipTD groups={user.groups} />
+                      <GroupChipTD groups={user.role_group.map((group) => group.name)} isRole={true} />
+                      <GroupChipTD groups={user.groups.map((group) => group.name)} />
                       {user.status && (
                         <td className="text-muted">
                           <span
@@ -182,7 +181,7 @@ const UsersTable = ({
 
 export default UsersTable;
 
-const GroupChipTD = ({ groups = [] }) => {
+const GroupChipTD = ({ groups = [], isRole = false }) => {
   const [showAllGroups, setShowAllGroups] = useState(false);
   const groupsListRef = useRef();
 
@@ -213,20 +212,23 @@ const GroupChipTD = ({ groups = [] }) => {
     return arr;
   }
 
-  const orderedArray = moveValuesToLast(groups, ['all_users', 'admin']);
+  const orderedArray = groups;
 
   const toggleAllGroupsList = (e) => {
     setShowAllGroups(!showAllGroups);
   };
 
   const renderGroupChip = (group, index) => (
-    <span className="group-chip" key={index} data-cy="group-chip">
-      {humanizeifDefaultGroupName(group)}
-    </span>
+    <ToolTip message={group}>
+      <span className="group-chip" key={index} data-cy="group-chip">
+        {humanizeifDefaultGroupName(group)}
+      </span>
+    </ToolTip>
   );
 
   return (
     <td
+      data-name={isRole ? 'role-header' : ''}
       data-active={showAllGroups}
       ref={groupsListRef}
       onClick={(e) => {
@@ -235,28 +237,31 @@ const GroupChipTD = ({ groups = [] }) => {
       className={cx('text-muted groups-name-cell', { 'groups-hover': orderedArray.length > 2 })}
     >
       <div className="groups-name-container tj-text-sm font-weight-500">
-        {orderedArray.slice(0, 2).map((group, index) => {
-          if (orderedArray.length <= 2) {
-            return renderGroupChip(group, index);
-          }
+        {orderedArray.length === 0 ? (
+          <div className="empty-text">-</div>
+        ) : (
+          orderedArray.slice(0, 2).map((group, index) => {
+            if (orderedArray.length <= 2) {
+              return renderGroupChip(group, index);
+            }
 
-          if (orderedArray.length > 2) {
-            if (index === 1) {
+            if (orderedArray.length > 2 && index === 1) {
               return (
-                <>
-                  <span className="group-chip" key={index}>
-                    {' '}
-                    +{orderedArray.length - 1} more
-                  </span>
+                <React.Fragment key={index}>
+                  {renderGroupChip(group, index)}
+                  <span className="group-chip">+{orderedArray.length - 2} more</span>
                   {showAllGroups && (
-                    <div className="all-groups-list">{groups.map((group, index) => renderGroupChip(group, index))}</div>
+                    <div className="all-groups-list">
+                      {orderedArray.slice(2).map((group, index) => renderGroupChip(group, index))}
+                    </div>
                   )}
-                </>
+                </React.Fragment>
               );
             }
+
             return renderGroupChip(group, index);
-          }
-        })}
+          })
+        )}
       </div>
     </td>
   );
diff --git a/frontend/src/App/App.jsx b/frontend/src/App/App.jsx
index b9652f2279..5b2d0e2b66 100644
--- a/frontend/src/App/App.jsx
+++ b/frontend/src/App/App.jsx
@@ -36,9 +36,9 @@ import { useAppDataStore } from '@/_stores/appDataStore';
 import cx from 'classnames';
 import useAppDarkMode from '@/_hooks/useAppDarkMode';
 import { ManageOrgUsers } from '@/ManageOrgUsers';
-import { ManageGroupPermissions } from '@/ManageGroupPermissions';
 import OrganizationLogin from '@/_components/OrganizationLogin/OrganizationLogin';
 import { ManageOrgVars } from '@/ManageOrgVars';
+import { ManageGroupPermissionsV2 } from '@/ManageGroupPermissionsV2/ManageGroupPermissionsV2';
 import { setFaviconAndTitle } from '@white-label/whiteLabelling';
 
 const AppWrapper = (props) => {
@@ -310,7 +310,7 @@ class AppComponent extends React.Component {
                   path="groups"
                   element={
                     <AdminRoute>
-                      <ManageGroupPermissions switchDarkMode={this.switchDarkMode} darkMode={darkMode} />
+                      <ManageGroupPermissionsV2 switchDarkMode={this.switchDarkMode} darkMode={darkMode} />
                     </AdminRoute>
                   }
                 />
diff --git a/frontend/src/Editor/Editor.jsx b/frontend/src/Editor/Editor.jsx
index ae0adffb0e..314c259b69 100644
--- a/frontend/src/Editor/Editor.jsx
+++ b/frontend/src/Editor/Editor.jsx
@@ -223,12 +223,15 @@ const EditorComponent = (props) => {
 
     // Subscribe to changes in the current session using RxJS observable pattern
     const subscription = authenticationService.currentSession.subscribe((currentSession) => {
-      if (currentUser && currentSession?.group_permissions) {
+      if (currentUser && (currentSession?.group_permissions || currentSession?.role)) {
         const userVars = {
           email: currentUser.email,
           firstName: currentUser.first_name,
           lastName: currentUser.last_name,
-          groups: currentSession.group_permissions?.map((group) => group.group),
+          groups: currentSession?.group_permissions
+            ? ['all_users', ...currentSession.group_permissions.map((group) => group.name)]
+            : ['all_users'],
+          role: currentSession?.role?.name,
         };
 
         const appUserDetails = {
diff --git a/frontend/src/Editor/Viewer.jsx b/frontend/src/Editor/Viewer.jsx
index 8597127db4..bb2a81b19f 100644
--- a/frontend/src/Editor/Viewer.jsx
+++ b/frontend/src/Editor/Viewer.jsx
@@ -280,13 +280,16 @@ class ViewerComponent extends React.Component {
 
     const currentUser = this.state.currentUser;
     let userVars = {};
-
+    const currentSessionValue = authenticationService.currentSessionValue;
     if (currentUser) {
       userVars = {
         email: currentUser.email,
         firstName: currentUser.first_name,
         lastName: currentUser.last_name,
-        groups: authenticationService.currentSessionValue?.group_permissions.map((group) => group.group),
+        groups: currentSessionValue?.group_permissions
+          ? ['All Users', ...currentSessionValue.group_permissions.map((group) => group.name)]
+          : ['All Users'],
+        role: currentSessionValue?.role?.name,
       };
     }
 
@@ -550,15 +553,18 @@ class ViewerComponent extends React.Component {
       const versionId = this.props.versionId;
 
       if (currentSession?.load_app && slug) {
-        if (currentSession?.group_permissions) {
+        if (currentSession?.group_permissions || currentSession?.role) {
           useAppDataStore.getState().actions.setAppId(appId);
 
           const currentUser = currentSession.current_user;
+          const currentSessionValue = authenticationService.currentSessionValue;
           const userVars = {
             email: currentUser.email,
             firstName: currentUser.first_name,
             lastName: currentUser.last_name,
-            groups: currentSession?.group_permissions?.map((group) => group.group),
+            groups: currentSessionValue?.group_permissions
+              ? ['All Users', ...currentSessionValue.group_permissions.map((group) => group.name)]
+              : ['All Users'],
           };
           this.props.setCurrentState({
             globals: {
diff --git a/frontend/src/HomePage/HomePage.jsx b/frontend/src/HomePage/HomePage.jsx
index 945987efd8..e11f5c2ed8 100644
--- a/frontend/src/HomePage/HomePage.jsx
+++ b/frontend/src/HomePage/HomePage.jsx
@@ -303,23 +303,28 @@ class HomePageComponent extends React.Component {
 
   canUserPerform(user, action, app) {
     const currentSession = authenticationService.currentSessionValue;
+    const userPermissions = currentSession.user_permissions;
+    const appPermission = currentSession.app_group_permissions;
+    const canUpdateApp =
+      appPermission && (appPermission.is_all_editable || appPermission.editable_apps_id.includes(app?.id));
+    const canReadApp =
+      (appPermission && canUpdateApp) ||
+      appPermission.is_all_viewable ||
+      appPermission.viewable_apps_id.includes(app?.id);
     let permissionGrant;
 
     switch (action) {
       case 'create':
-        permissionGrant = this.canAnyGroupPerformAction('app_create', currentSession.group_permissions);
+        permissionGrant = currentSession.user_permissions.app_create;
         break;
       case 'read':
+        permissionGrant = this.isUserOwnerOfApp(user, app) || canReadApp;
+        break;
       case 'update':
-        permissionGrant =
-          this.canAnyGroupPerformActionOnApp(action, currentSession.app_group_permissions, app) ||
-          this.isUserOwnerOfApp(user, app);
+        permissionGrant = canUpdateApp || this.isUserOwnerOfApp(user, app);
         break;
       case 'delete':
-        permissionGrant =
-          this.canAnyGroupPerformActionOnApp('delete', currentSession.app_group_permissions, app) ||
-          this.canAnyGroupPerformAction('app_delete', currentSession.group_permissions) ||
-          this.isUserOwnerOfApp(user, app);
+        permissionGrant = currentSession.user_permissions.app_delete || this.isUserOwnerOfApp(user, app);
         break;
       default:
         permissionGrant = false;
@@ -363,15 +368,15 @@ class HomePageComponent extends React.Component {
   };
 
   canCreateFolder = () => {
-    return this.canAnyGroupPerformAction('folder_create', authenticationService.currentSessionValue?.group_permissions);
+    return authenticationService.currentSessionValue?.user_permissions?.folder_c_r_u_d;
   };
 
   canDeleteFolder = () => {
-    return this.canAnyGroupPerformAction('folder_delete', authenticationService.currentSessionValue?.group_permissions);
+    return authenticationService.currentSessionValue?.user_permissions?.folder_c_r_u_d;
   };
 
   canUpdateFolder = () => {
-    return this.canAnyGroupPerformAction('folder_update', authenticationService.currentSessionValue?.group_permissions);
+    return authenticationService.currentSessionValue?.user_permissions?.folder_c_r_u_d;
   };
 
   cancelDeleteAppDialog = () => {
diff --git a/frontend/src/ManageGranularAccess/AddEditResourceModal/AddEditResourcePermissionsModal.jsx b/frontend/src/ManageGranularAccess/AddEditResourceModal/AddEditResourcePermissionsModal.jsx
new file mode 100644
index 0000000000..3424779e03
--- /dev/null
+++ b/frontend/src/ManageGranularAccess/AddEditResourceModal/AddEditResourcePermissionsModal.jsx
@@ -0,0 +1,145 @@
+import React from 'react';
+import '../../ManageGroupPermissionsV2/groupPermissions.theme.scss';
+import ModalBase from '@/_ui/Modal';
+import { AppsSelect } from '@/_ui/Modal/AppsSelect';
+import AppPermissionsActions from './AppPermissionActionContainer';
+
+function AddEditResourcePermissionsModal({
+  handleClose,
+  handleConfirm,
+  updateParentState,
+  resourceType,
+  currentState,
+  show,
+  title,
+  confirmBtnProps,
+  disableBuilderLevelUpdate,
+  selectedApps,
+  setSelectedApps,
+  addableApps,
+  darkMode,
+}) {
+  const isCustom = currentState?.isCustom;
+  const newPermissionName = currentState?.newPermissionName;
+  const initialPermissionState = currentState?.initialPermissionState;
+  const errors = currentState?.errors;
+  const isAll = currentState?.isAll;
+
+  return (
+    <ModalBase
+      size="md"
+      show={show}
+      handleClose={handleClose}
+      handleConfirm={handleConfirm}
+      className="permission-manager-modal"
+      title={title}
+      confirmBtnProps={confirmBtnProps}
+      darkMode={darkMode}
+    >
+      <div className="form-group mb-3">
+        <label className="form-label bold-text">Permission name</label>
+        <div className="tj-app-input">
+          <input
+            type="text"
+            className={`form-control ${newPermissionName?.length == 50 ? 'error-input' : ''}`}
+            placeholder={'Eg. Product analytics apps'}
+            name="permissionName"
+            value={newPermissionName}
+            onChange={(e) => {
+              if (e.target.value?.length < 51)
+                updateParentState(() => ({
+                  newPermissionName: e.target.value,
+                }));
+            }}
+          />
+          <span className="text-danger">{errors['permissionName']}</span>
+        </div>
+        <div className={`mt-1 tj-text-xxsm ${newPermissionName?.length == 50 ? 'error-text' : ''}`}>
+          <div data-cy="workspace-login-help-text">Permission name must be unique and max 50 characters</div>
+        </div>
+      </div>
+      {/* Till here */}
+      <div className="form-group mb-3">
+        <label className="form-label bold-text">Permission</label>
+        <AppPermissionsActions
+          handleClickEdit={() => {
+            updateParentState((prevState) => ({
+              initialPermissionState: {
+                ...prevState.initialPermissionState,
+                canEdit: !prevState.initialPermissionState.canEdit,
+                canView: prevState.initialPermissionState.canEdit,
+                ...(prevState.initialPermissionState.canEdit && { hideFromDashboard: false }),
+              },
+            }));
+          }}
+          handleClickView={() => {
+            updateParentState((prevState) => ({
+              initialPermissionState: {
+                ...prevState.initialPermissionState,
+                canView: !prevState.initialPermissionState.canView,
+                canEdit: prevState.initialPermissionState.canView,
+                ...(prevState.initialPermissionState.canEdit && { hideFromDashboard: false }),
+              },
+            }));
+          }}
+          handleHideFromDashboard={() => {
+            updateParentState((prevState) => ({
+              initialPermissionState: {
+                ...initialPermissionState,
+                hideFromDashboard: !prevState.initialPermissionState.hideFromDashboard,
+              },
+            }));
+          }}
+          disableBuilderLevelUpdate={disableBuilderLevelUpdate}
+          initialPermissionState={initialPermissionState}
+        />
+      </div>
+
+      <div className="form-group mb-3">
+        <label className="form-label bold-text">Resources</label>
+        <div className="resources-container">
+          <label className="form-check form-check-inline">
+            <input
+              className="form-check-input"
+              type="radio"
+              checked={isAll}
+              onClick={() => {
+                updateParentState((prevState) => ({ isAll: !prevState.isAll, isCustom: !!prevState.isAll }));
+              }}
+            />
+            <div>
+              <span className="form-check-label text-muted">All apps</span>
+              <span className="text-muted tj-text-xsm">
+                This will select all apps in the workspace including any new apps created
+              </span>
+            </div>
+          </label>
+          <label className="form-check form-check-inline">
+            <input
+              className="form-check-input"
+              type="radio"
+              disabled={addableApps.length === 0 || disableBuilderLevelUpdate}
+              checked={isCustom}
+              onClick={() => {
+                updateParentState((prevState) => ({ isCustom: !prevState.isCustom, isAll: prevState.isCustom }));
+              }}
+            />
+            <div>
+              <span className="form-check-label text-muted">Custom</span>
+              <span className="text-muted tj-text-xsm">Select specific applications you want to add to the group</span>
+            </div>
+          </label>
+          <AppsSelect
+            disabled={!isCustom}
+            allowSelectAll={true}
+            value={selectedApps}
+            onChange={setSelectedApps}
+            options={addableApps}
+          />
+        </div>
+      </div>
+    </ModalBase>
+  );
+}
+
+export default AddEditResourcePermissionsModal;
diff --git a/frontend/src/ManageGranularAccess/AddEditResourceModal/AppPermissionActionContainer.jsx b/frontend/src/ManageGranularAccess/AddEditResourceModal/AppPermissionActionContainer.jsx
new file mode 100644
index 0000000000..cc0ad15c1a
--- /dev/null
+++ b/frontend/src/ManageGranularAccess/AddEditResourceModal/AppPermissionActionContainer.jsx
@@ -0,0 +1,67 @@
+import React from 'react';
+import '../../ManageGroupPermissionsV2/groupPermissions.theme.scss';
+
+function AppPermissionsActions({
+  handleClickEdit,
+  handleClickView,
+  handleHideFromDashboard,
+  disableBuilderLevelUpdate,
+  initialPermissionState,
+}) {
+  return (
+    <div className="type-container">
+      <div className="left-container">
+        <label className="form-check form-check-inline">
+          <input
+            className="form-check-input"
+            type="radio"
+            disabled={disableBuilderLevelUpdate}
+            checked={initialPermissionState.canEdit}
+            onClick={() => {
+              !initialPermissionState.canEdit && handleClickEdit();
+            }}
+          />
+
+          <div>
+            <span className="form-check-label text-muted">Edit</span>
+            <span className="text-muted tj-text-xsm">Access to app builder</span>
+          </div>
+        </label>
+      </div>
+      <div className="right-container">
+        <label className="form-check form-check-inline">
+          <input
+            className="form-check-input"
+            type="radio"
+            disabled={disableBuilderLevelUpdate}
+            checked={initialPermissionState.canView}
+            onClick={() => {
+              !initialPermissionState.canView && handleClickView();
+            }}
+          />
+          <div>
+            <span className="form-check-label text-muted">View</span>
+            <span className="text-muted tj-text-xsm">Only view deployed version of app</span>
+          </div>
+        </label>
+        <label className="form-check form-check-inline">
+          <input
+            className="form-check-input"
+            type="checkbox"
+            disabled={!initialPermissionState.canView}
+            checked={initialPermissionState.hideFromDashboard}
+            onClick={() => {
+              handleHideFromDashboard();
+            }}
+          />
+          <div>
+            <span className={`form-check-label faded-text`}>Hide from dashboard</span>
+            <span className="text-muted tj-text-xsm">App will be accessible by URL only</span>
+          </div>
+        </label>
+      </div>
+    </div>
+  );
+}
+
+export default AppPermissionsActions;
diff --git a/frontend/src/ManageGranularAccess/AddResourcePermissionsMenu.jsx b/frontend/src/ManageGranularAccess/AddResourcePermissionsMenu.jsx
new file mode 100644
index 0000000000..26c750c67c
--- /dev/null
+++ b/frontend/src/ManageGranularAccess/AddResourcePermissionsMenu.jsx
@@ -0,0 +1,61 @@
+import React from 'react';
+import '../ManageGroupPermissionsV2/groupPermissions.theme.scss';
+import { ButtonSolid } from '@/_ui/AppButton/AppButton';
+import { OverlayTrigger } from 'react-bootstrap';
+
+function AddResourcePermissionsMenu({ openAddPermissionModal, resourcesOptions, currentGroupPermission }) {
+  return resourcesOptions.length > 1 ? (
+    <OverlayTrigger
+      rootClose={true}
+      trigger="click"
+      placement={'bottom'}
+      overlay={
+        <div className={`settings-card tj-text card ${this.props.darkMode && 'dark-theme'}`}>
+          <ButtonSolid
+            variant="tertiary"
+            iconWidth="17"
+            fill="var(--slate9)"
+            className="apps-remove-btn permission-type remove-decoration tj-text-xsm font-weight-600"
+            leftIcon="dashboard"
+            onClick={() => {
+              openAddPermissionModal();
+            }}
+          >
+            Apps
+          </ButtonSolid>
+        </div>
+      }
+    >
+      <div className={'cursor-pointer'}>
+        <ButtonSolid
+          variant="tertiary"
+          iconWidth="17"
+          fill="var(--slate9)"
+          className="add-icon tj-text-xsm font-weight-600"
+          leftIcon="plus"
+          disabled={currentGroupPermission.name === 'admin'}
+        >
+          Add permission
+        </ButtonSolid>
+      </div>
+    </OverlayTrigger>
+  ) : (
+    <div className={'cursor-pointer side-button-cont'}>
+      <ButtonSolid
+        variant="tertiary"
+        iconWidth="17"
+        fill="var(--slate9)"
+        className="add-icon tj-text-xsm font-weight-600"
+        leftIcon="plus"
+        disabled={currentGroupPermission.name === 'admin'}
+        onClick={() => {
+          openAddPermissionModal();
+        }}
+      >
+        Add apps
+      </ButtonSolid>
+    </div>
+  );
+}
+
+export default AddResourcePermissionsMenu;
diff --git a/frontend/src/ManageGranularAccess/AppResourcePermission.jsx b/frontend/src/ManageGranularAccess/AppResourcePermission.jsx
new file mode 100644
index 0000000000..0c93d0b70c
--- /dev/null
+++ b/frontend/src/ManageGranularAccess/AppResourcePermission.jsx
@@ -0,0 +1,151 @@
+import React, { useState } from 'react';
+import GroupChipTD from '@/ManageGroupPermissionsV2/ResourceChip';
+import '../ManageGroupPermissionsV2/groupPermissions.theme.scss';
+import SolidIcon from '@/_ui/Icon/SolidIcons';
+import { ButtonSolid } from '@/_ui/AppButton/AppButton';
+import { OverlayTrigger, Tooltip } from 'react-bootstrap';
+function AppResourcePermissions({
+  updateOnlyGranularPermissions,
+  permissions,
+  currentGroupPermission,
+  openEditPermissionModal,
+}) {
+  const [onHover, setHover] = useState(false);
+  const [notClickable, setNotClickable] = useState(false);
+  const isRoleGroup = currentGroupPermission.name == 'admin';
+  const disableEditUpdate = currentGroupPermission.name == 'end-user';
+  const appsPermissions = permissions.appsGroupPermissions;
+  let apps = appsPermissions?.groupApps?.map((app) => {
+    return app?.app?.name;
+  });
+  if (apps.length == 0 || permissions.isAll) apps = ['All apps'];
+
+  return (
+    <div
+      className="manage-resource-permission"
+      onMouseOver={() => {
+        setHover(true);
+      }}
+      onMouseOut={() => {
+        setHover(false);
+      }}
+      onClick={() => {
+        !isRoleGroup && !notClickable && openEditPermissionModal(permissions);
+      }}
+    >
+      <div className="resource-name d-flex">
+        <SolidIcon name="app" width="20px" className="resource-icon" />
+        <div className="resource-text">{permissions.name}</div>
+      </div>
+      <div className="text-muted">
+        <div className="d-flex apps-permission-wrap flex-column">
+          <label className="form-check form-check-inline">
+            <OverlayTrigger
+              overlay={
+                disableEditUpdate ? (
+                  <Tooltip id="tooltip-disable-edit-update">End-user cannot have edit permission</Tooltip>
+                ) : (
+                  <span></span>
+                )
+              }
+              placement="top"
+            >
+              <input
+                onMouseOver={() => {
+                  setNotClickable(true);
+                }}
+                onMouseOut={() => {
+                  setNotClickable(false);
+                }}
+                className="form-check-input"
+                type="radio"
+                onClick={() => {
+                  !appsPermissions.canEdit &&
+                    updateOnlyGranularPermissions(permissions, {
+                      canEdit: !appsPermissions.canEdit,
+                      canView: appsPermissions.canEdit,
+                      ...(!appsPermissions.canEdit && { hideFromDashboard: false }),
+                    });
+                }}
+                checked={appsPermissions.canEdit}
+                disabled={isRoleGroup || disableEditUpdate}
+                data-cy="app-create-checkbox"
+              />
+            </OverlayTrigger>
+            <span className="form-check-label" data-cy="app-create-label">
+              {'Edit'}
+            </span>
+            {/* <span class={`text-muted tj-text-xxsm ${isRoleGroup && 'check-label-disable'}`}>Create apps in this workspace</span> */}
+            <span class={`tj-text-xxsm`}>Access to app builder</span>
+          </label>
+          <label className="form-check form-check-inline">
+            <input
+              onMouseOver={() => {
+                setNotClickable(true);
+              }}
+              onMouseOut={() => {
+                setNotClickable(false);
+              }}
+              className="form-check-input"
+              type="radio"
+              onClick={() => {
+                !appsPermissions.canView &&
+                  updateOnlyGranularPermissions(permissions, {
+                    canView: !appsPermissions.canView,
+                    canEdit: appsPermissions.canView,
+                  });
+              }}
+              checked={appsPermissions.canView}
+              disabled={isRoleGroup || disableEditUpdate}
+              data-cy="app-delete-checkbox"
+            />
+            <span className="form-check-label" data-cy="app-delete-label">
+              {'View'}
+            </span>
+            <span class={`tj-text-xxsm`}>Only view released version of app</span>
+          </label>
+          <label className="form-check form-check-inline">
+            <input
+              onMouseOver={() => {
+                setNotClickable(true);
+              }}
+              onMouseOut={() => {
+                setNotClickable(false);
+              }}
+              className="form-check-input"
+              type="checkbox"
+              onChange={() => {
+                updateOnlyGranularPermissions(permissions, {
+                  hideFromDashboard: !appsPermissions.hideFromDashboard,
+                });
+              }}
+              checked={appsPermissions.hideFromDashboard}
+              disabled={isRoleGroup || !appsPermissions.canView}
+              data-cy="app-delete-checkbox"
+            />
+            <span className="form-check-label" data-cy="app-delete-label">
+              {'Hide from dashbaord'}
+            </span>
+            <span class={`tj-text-xxsm`}>App will be accessible by URL only</span>
+          </label>
+        </div>
+      </div>
+      <div>
+        <GroupChipTD groups={apps} />
+      </div>
+      <div className="edit-icon-container">
+        <ButtonSolid
+          leftIcon="editrectangle"
+          className="edit-permission-custom"
+          iconWidth="14"
+          onClick={() => {
+            openEditPermissionModal(permissions);
+          }}
+          disabled={isRoleGroup}
+        />
+      </div>
+    </div>
+  );
+}
+
+export default AppResourcePermissions;
diff --git a/frontend/src/ManageGranularAccess/index.jsx b/frontend/src/ManageGranularAccess/index.jsx
new file mode 100644
index 0000000000..18b6b559e1
--- /dev/null
+++ b/frontend/src/ManageGranularAccess/index.jsx
@@ -0,0 +1,535 @@
+import { ButtonSolid } from '@/_ui/AppButton/AppButton';
+import SolidIcon from '@/_ui/Icon/SolidIcons';
+import React from 'react';
+import { OverlayTrigger, Tooltip } from 'react-bootstrap';
+import { withTranslation } from 'react-i18next';
+import { groupPermissionV2Service } from '@/_services';
+import { toast } from 'react-hot-toast';
+import '../ManageGroupPermissionsV2/groupPermissions.theme.scss';
+import ChangeRoleModal from '@/ManageGroupPermissionResourcesV2/ChangeRoleModal';
+import AppResourcePermissions from '@/ManageGranularAccess/AppResourcePermission';
+import AddResourcePermissionsMenu from '@/ManageGranularAccess/AddResourcePermissionsMenu';
+import { ConfirmDialog } from '@/_components';
+import AddEditResourcePermissionsModal from '@/ManageGranularAccess/AddEditResourceModal/AddEditResourcePermissionsModal';
+
+import { ToolTip } from '@/_components/ToolTip';
+class ManageGranularAccessComponent extends React.Component {
+  constructor(props) {
+    super(props);
+
+    this.state = {
+      isLoading: false,
+      granularPermissions: [],
+      showAddPermissionModal: false,
+      errors: {},
+      values: {},
+      customSelected: true,
+      selectedApps: [],
+      type: null,
+      newPermissionName: null,
+      initialPermissionState: {
+        canEdit: false,
+        canView: false,
+        hideFromDashboard: false,
+      },
+      currentEditingPermissions: null,
+      isAll: true,
+      isCustom: false,
+      addableApps: [],
+      modalType: 'add',
+      modalTitle: 'Add app permissions',
+      showAutoRoleChangeModal: false,
+      autoRoleChangeModalMessage: '',
+      autoRoleChangeModalList: [],
+      autoRoleChangeMessageType: '',
+      updateParam: {},
+      updatingPermission: {},
+      updateType: '',
+      deleteConfirmationModal: false,
+      deletingPermissions: false,
+    };
+  }
+
+  componentDidMount() {
+    this.fetchAppsCanBeAdded();
+    this.fetchGranularPermissions(this.props.groupPermissionId);
+  }
+
+  fetchAppsCanBeAdded = () => {
+    groupPermissionV2Service
+      .fetchAddableApps()
+      .then((data) => {
+        const addableApps = data.map((app) => {
+          return {
+            name: app.name,
+            value: app.id,
+            label: app.name,
+          };
+        });
+        this.setState({
+          addableApps,
+        });
+      })
+      .catch((err) => {
+        toast.error(err.error);
+      });
+  };
+
+  fetchGranularPermissions = (groupPermissionId) => {
+    this.setState({
+      isLoading: true,
+    });
+    groupPermissionV2Service.fetchGranularPermissions(groupPermissionId).then((data) => {
+      this.setState({
+        granularPermissions: data,
+        isLoading: false,
+      });
+    });
+  };
+
+  deleteGranularPermissions = () => {
+    const { currentEditingPermissions } = this.state;
+    this.setState({
+      deleteGranularPermissions: true,
+    });
+    groupPermissionV2Service
+      .deleteGranularPermission(currentEditingPermissions.id)
+      .then(() => {
+        toast.success('Deleted permission successfully');
+        this.fetchGranularPermissions(this.props.groupPermissionId);
+        this.closeAddPermissionModal();
+      })
+      .catch((err) => {
+        toast.error(err.error);
+      })
+      .finally(() => {
+        this.setState({
+          deleteConfirmationModal: false,
+          deleteGranularPermissions: false,
+        });
+      });
+  };
+
+  createGranularPermissions = () => {
+    const { initialPermissionState, isAll, newPermissionName, isCustom, selectedApps } = this.state;
+    if (isCustom && selectedApps.length == 0) {
+      toast.error('Please select the apps');
+      return;
+    }
+    const body = {
+      name: newPermissionName,
+      type: 'app',
+      groupId: this.props.groupPermissionId,
+      isAll: isAll,
+      createAppsPermissionsObject: {
+        ...initialPermissionState,
+        resourcesToAdd: selectedApps.filter((apps) => !apps?.isAllField)?.map((option) => ({ appId: option.value })),
+      },
+    };
+    groupPermissionV2Service
+      .createGranularPermission(body)
+      .then(() => {
+        this.fetchGranularPermissions(this.props.groupPermissionId);
+        this.closeAddPermissionModal();
+      })
+      .catch(({ error }) => {
+        this.closeAddPermissionModal();
+        if (error?.error) {
+          this.props.updateParentState({
+            showEditRoleErrorModal: true,
+            errorTitle: error?.title ? error?.title : 'Cannot add granular permissions',
+            errorMessage: error.error,
+            errorIconName: 'usergear',
+            errorListItems: error.data,
+          });
+        }
+        toast.error(error);
+      });
+    // .then(())
+  };
+
+  openEditPermissionModal = (granularPermission) => {
+    const currentApps = granularPermission?.appsGroupPermissions?.groupApps;
+    const appsGroupPermission = granularPermission?.appsGroupPermissions;
+    this.setState({
+      currentEditingPermissions: granularPermission,
+      modalTitle: 'Edit app permissions',
+      showAddPermissionModal: true,
+      modalType: 'edit',
+      isAll: !!granularPermission.isAll,
+      isCustom: !granularPermission.isAll,
+      newPermissionName: granularPermission.name,
+      initialPermissionState: {
+        canEdit: appsGroupPermission.canEdit,
+        canView: appsGroupPermission.canView,
+        hideFromDashboard: appsGroupPermission.hideFromDashboard,
+      },
+
+      selectedApps:
+        currentApps?.length > 0
+          ? currentApps?.map(({ app }) => {
+              return {
+                name: app.name,
+                value: app.id,
+                label: app.name,
+              };
+            })
+          : [],
+    });
+  };
+
+  updateOnlyGranularPermissions = (permission, actions = {}, allowRoleChange) => {
+    const body = {
+      actions: actions,
+      allowRoleChange,
+    };
+    groupPermissionV2Service
+      .updateGranularPermission(permission.id, body)
+      .then(() => {
+        this.fetchGranularPermissions(this.props.groupPermissionId);
+        this.closeAddPermissionModal();
+        toast.success('Permission updated successfully');
+      })
+      .catch(({ error }) => {
+        if (error?.type) {
+          this.setState({
+            showAutoRoleChangeModal: true,
+            autoRoleChangeModalMessage: error?.error,
+            autoRoleChangeModalList: error?.data,
+            autoRoleChangeMessageType: error?.type,
+            updateParam: actions,
+            updatingPermission: permission,
+            updateType: 'ONLY_PERMISSIONS',
+          });
+          return;
+        }
+        this.props.updateParentState({
+          showEditRoleErrorModal: true,
+          errorTitle: error?.title ? error?.title : 'Cannot remove last admin',
+          errorMessage: error.error,
+          errorIconName: 'usergear',
+          errorListItems: error.data,
+        });
+      });
+  };
+
+  updateGranularPermissions = (allowRoleChange) => {
+    const { currentEditingPermissions, selectedApps, newPermissionName, isAll, initialPermissionState } = this.state;
+    const currentResource = currentEditingPermissions?.appsGroupPermissions?.groupApps?.map((app) => {
+      return app.app.id;
+    });
+    const selectedResource = selectedApps.filter((apps) => !apps?.isAllField)?.map((resource) => resource.value);
+    const resourcesToAdd = selectedResource
+      ?.filter((item) => !currentResource.includes(item))
+      .map((id) => {
+        return {
+          appId: id,
+        };
+      });
+    const appsToDelete = currentResource?.filter((item) => !selectedResource?.includes(item));
+    const groupAppsToDelete = currentEditingPermissions?.appsGroupPermissions?.groupApps?.filter((groupApp) =>
+      appsToDelete?.includes(groupApp.appId)
+    );
+    const resourcesToDelete = groupAppsToDelete?.map(({ id }) => {
+      return {
+        id: id,
+      };
+    });
+    const body = {
+      name: newPermissionName,
+      isAll: isAll,
+      actions: initialPermissionState,
+      resourcesToAdd,
+      resourcesToDelete,
+      allowRoleChange,
+    };
+
+    groupPermissionV2Service
+      .updateGranularPermission(currentEditingPermissions.id, body)
+      .then(() => {
+        this.fetchGranularPermissions(this.props.groupPermissionId);
+        this.closeAddPermissionModal();
+        toast.success('Permission updated successfully');
+      })
+      .catch(({ error }) => {
+        if (error?.type) {
+          this.setState({
+            showEditRoleErrorModal: false,
+            showAutoRoleChangeModal: true,
+            autoRoleChangeModalMessage: error?.error,
+            autoRoleChangeModalList: error?.data,
+            autoRoleChangeMessageType: error?.type,
+            updateType: '',
+            showAddPermissionModal: false,
+          });
+          return;
+        }
+        toast.error(error.error);
+        this.closeAddPermissionModal();
+      });
+  };
+  showPermissionText = (groupPermission) => {
+    const text =
+      groupPermission.name === 'admin'
+        ? 'Admin has edit access to all apps. These are not editable'
+        : 'End-user can only have permission to view apps';
+    return (
+      <div className="manage-granular-permissions-info">
+        <p
+          className="tj-text-xsm"
+          style={{ display: 'flex', alignItems: 'center', gap: '4px' }}
+          data-cy="helper-text-admin-app-access"
+        >
+          <SolidIcon name="informationcircle" fill="#3E63DD" /> {text}
+          <a style={{ margin: '0', padding: '0', textDecoration: 'underline', color: '#3E63DD' }}>
+            read documentation
+          </a>{' '}
+          to know more
+        </p>
+      </div>
+    );
+  };
+
+  openAddPermissionModal = () => {
+    this.setState((prevState) => ({
+      showAddPermissionModal: true,
+      initialPermissionState: { ...prevState.initialPermissionState, canView: true },
+      isAll: true,
+    }));
+  };
+
+  closeAddPermissionModal = () => {
+    this.setState({
+      currentEditingPermissions: null,
+      modalTitle: 'Add app permissions',
+      showAddPermissionModal: false,
+      modalType: 'add',
+      isAll: false,
+      isCustom: false,
+      newPermissionName: '',
+      initialPermissionState: {
+        canEdit: false,
+        canView: false,
+        hideFromDashboard: false,
+      },
+      selectedApps: [],
+    });
+  };
+
+  setSelectedApps = (values) => {
+    this.setState({ selectedApps: values });
+  };
+
+  handleAutoRoleChangeModalClose = () => {
+    this.setState({
+      showAutoRoleChangeModal: false,
+      autoRoleChangeModalMessage: '',
+      autoRoleChangeModalList: [],
+      autoRoleChangeMessageType: '',
+      updateParam: {},
+      isLoading: false,
+      updatingPermission: {},
+      updateType: '',
+    });
+  };
+  handleConfirmAutoRoleChangeGroupUpdate = () => {
+    this.updateGranularPermissions(true);
+    this.handleAutoRoleChangeModalClose();
+  };
+
+  updateState = (stateUpdater) => {
+    this.setState((prevState) => stateUpdater(prevState));
+  };
+
+  handleConfirmAutoRoleChangeOnlyGroupUpdate = () => {
+    const { updateParam, updatingPermission } = this.state;
+    this.updateOnlyGranularPermissions(updatingPermission, updateParam, true);
+    this.handleAutoRoleChangeModalClose();
+  };
+
+  render() {
+    const {
+      isEmpty,
+      showAddPermissionModal,
+      errors,
+      selectedApps,
+      initialPermissionState,
+      isAll,
+      isCustom,
+      granularPermissions,
+      isLoading,
+      addableApps,
+      modalTitle,
+      modalType,
+      newPermissionName,
+      showAutoRoleChangeModal,
+      autoRoleChangeModalMessage,
+      autoRoleChangeModalList,
+      autoRoleChangeMessageType,
+      updateParam,
+      updatingPermission,
+      updateType,
+      deleteConfirmationModal,
+      deletingPermissions,
+    } = this.state;
+
+    const resourcesOptions = ['Apps'];
+    const currentGroupPermission = this.props?.groupPermission;
+    const isRoleGroup = currentGroupPermission.name == 'admin';
+    const defaultGroup = currentGroupPermission.type === 'default';
+    const showPermissionInfo = currentGroupPermission.name == 'admin' || currentGroupPermission.name == 'end-user';
+    const disableEditUpdate = currentGroupPermission.name == 'end-user';
+    const addPermissionTooltipMessage = !newPermissionName
+      ? 'Please input permissions name'
+      : isCustom && selectedApps.length === 0
+      ? 'Please select apps or select all apps option'
+      : '';
+    return (
+      <div className="row granular-access-container justify-content-center">
+        <ConfirmDialog
+          show={deleteConfirmationModal}
+          message={'This permission will be permanently deleted. Do you want to continue?'}
+          confirmButtonLoading={deletingPermissions}
+          onConfirm={() => this.deleteGranularPermissions()}
+          onCancel={() => {
+            this.setState({ deleteConfirmationModal: false, deletingPermissions: false });
+          }}
+          darkMode={this.props.darkMode}
+        />
+        <ChangeRoleModal
+          showAutoRoleChangeModal={showAutoRoleChangeModal}
+          autoRoleChangeModalList={autoRoleChangeModalList}
+          autoRoleChangeMessageType={autoRoleChangeMessageType}
+          handleAutoRoleChangeModalClose={this.handleAutoRoleChangeModalClose}
+          handleConfirmation={
+            updateType === 'ONLY_PERMISSIONS'
+              ? this.handleConfirmAutoRoleChangeOnlyGroupUpdate
+              : this.handleConfirmAutoRoleChangeGroupUpdate
+          }
+          darkMode={this.props.darkMode}
+          isLoading={isLoading}
+        />
+        <AddEditResourcePermissionsModal
+          handleClose={this.closeAddPermissionModal}
+          handleConfirm={
+            modalType === 'add'
+              ? this.createGranularPermissions
+              : () => {
+                  this.updateGranularPermissions();
+                }
+          }
+          updateParentState={this.updateState}
+          resourceType="app"
+          currentState={this.state}
+          show={showAddPermissionModal}
+          title={
+            <div className="my-3 permission-manager-title" data-cy="modal-title">
+              <span className="font-weight-500">
+                <SolidIcon name="apps" />
+              </span>
+              <div className="tj-text-md font-weight-500" data-cy="user-email">
+                {modalTitle}
+              </div>
+              {modalType === 'edit' && !isRoleGroup && (
+                <div className="delete-icon-cont">
+                  <ButtonSolid
+                    leftIcon="delete"
+                    iconWidth="15px"
+                    className="icon-class"
+                    variant="tertiary"
+                    onClick={() => {
+                      this.setState({
+                        deleteConfirmationModal: true,
+                        showAddPermissionModal: false,
+                      });
+                    }}
+                  />
+                </div>
+              )}
+            </div>
+          }
+          confirmBtnProps={{
+            title: `${modalType === 'edit' ? 'Update' : 'Add'}`,
+            iconLeft: 'plus',
+            disabled: (modalType === 'add' && !newPermissionName) || (isCustom && selectedApps.length === 0),
+            tooltipMessage: addPermissionTooltipMessage,
+          }}
+          disableBuilderLevelUpdate={disableEditUpdate}
+          selectedApps={selectedApps}
+          setSelectedApps={this.setSelectedApps}
+          addableApps={addableApps}
+          darkMode={this.props.darkMode}
+        />
+        {!granularPermissions.length ? (
+          <div className="empty-container">
+            <div className="icon-container">
+              <SolidIcon name="granularaccess" />
+            </div>
+            <p className="my-2 tj-text-md font-weight-500">No permissions added yet</p>
+            <p className="tj-text-xsm mb-2">
+              Add assets to configure granular, asset-level permissions for this user group
+            </p>
+            <AddResourcePermissionsMenu
+              openAddPermissionModal={this.openAddPermissionModal}
+              resourcesOptions={resourcesOptions}
+              currentGroupPermission={currentGroupPermission}
+            />
+          </div>
+        ) : (
+          <>
+            {showPermissionInfo && this.showPermissionText(currentGroupPermission)}
+            <div className="manage-granular-permission-header">
+              <p data-cy="resource-header" className="tj-text-xsm">
+                {'Name'}
+              </p>
+              <p data-cy="permissions-header" className="tj-text-xsm">
+                {'Permission'}
+              </p>
+              <p data-cy="permissions-header" className="tj-text-xsm">
+                {'Resource'}
+              </p>
+            </div>
+            <div className={showPermissionInfo ? 'permission-body-one' : 'permission-body-two'}>
+              {isLoading ? (
+                <tr>
+                  <td className="col-auto">
+                    <div className="row">
+                      <div className="skeleton-line w-10 col mx-3"></div>
+                    </div>
+                  </td>
+                  <td className="col-auto">
+                    <div className="skeleton-line w-10"></div>
+                  </td>
+                  <td className="col-auto">
+                    <div className="skeleton-line w-10"></div>
+                  </td>
+                </tr>
+              ) : (
+                <>
+                  {granularPermissions.map((permissions, index) => (
+                    <AppResourcePermissions
+                      updateOnlyGranularPermissions={this.updateOnlyGranularPermissions}
+                      permissions={permissions}
+                      currentGroupPermission={currentGroupPermission}
+                      openEditPermissionModal={this.openEditPermissionModal}
+                      key={index}
+                    />
+                  ))}
+                </>
+              )}
+            </div>
+            <div className="side-button-cont">
+              <AddResourcePermissionsMenu
+                openAddPermissionModal={this.openAddPermissionModal}
+                resourcesOptions={resourcesOptions}
+                currentGroupPermission={currentGroupPermission}
+              />
+            </div>
+          </>
+        )}
+      </div>
+    );
+  }
+}
+
+export const ManageGranularAccess = withTranslation()(ManageGranularAccessComponent);
diff --git a/frontend/src/ManageGroupPermissionResourcesV2/ChangeRoleModal.jsx b/frontend/src/ManageGroupPermissionResourcesV2/ChangeRoleModal.jsx
new file mode 100644
index 0000000000..29da3bf6e7
--- /dev/null
+++ b/frontend/src/ManageGroupPermissionResourcesV2/ChangeRoleModal.jsx
@@ -0,0 +1,75 @@
+import React from 'react';
+import { useTranslation } from 'react-i18next';
+import ModalBase from '@/_ui/Modal';
+import '../ManageGroupPermissionsV2/groupPermissions.theme.scss';
+
+function ChangeRoleModal({
+  showAutoRoleChangeModal,
+  autoRoleChangeModalList,
+  autoRoleChangeMessageType,
+  handleAutoRoleChangeModalClose,
+  handleConfirmation,
+  darkMode,
+  isLoading,
+}) {
+  const { t } = useTranslation();
+
+  const renderUserChangeMessage = (type) => {
+    const changePermissionMessage = (
+      <p className="tj-text-sm">
+        Granting this permission to the user group will result in a role change for the following user(s) from{' '}
+        <b>end-users</b> to <b>builders</b>. Are you sure you want to continue?
+      </p>
+    );
+    const addUserMessage = (
+      <p className="tj-text-sm">
+        Adding the following user(s) to this group will change their default group from <b>end-users</b> to{' '}
+        <b>builders</b>. Are you sure you want to continue?
+      </p>
+    );
+    const message = type === 'USER_ROLE_CHANGE_ADD_USERS' ? addUserMessage : changePermissionMessage;
+    return message;
+  };
+
+  const renderUserChangeTitle = (type) => {
+    const addUserTitle = (
+      <div className="my-3" data-cy="modal-title">
+        <span className="tj-text-md font-weight-500">Add user(s)</span>
+      </div>
+    );
+    const updatePermissionTitile = (
+      <div className="my-3" data-cy="modal-title">
+        <span className="tj-text-md font-weight-500"> Change in user role</span>
+      </div>
+    );
+    const message = type === 'USER_ROLE_CHANGE_ADD_USERS' ? addUserTitle : updatePermissionTitile;
+    return message;
+  };
+
+  return (
+    <ModalBase
+      title={renderUserChangeTitle(autoRoleChangeMessageType)}
+      handleConfirm={handleConfirmation}
+      confirmBtnProps={{ title: 'Continue' }}
+      show={showAutoRoleChangeModal}
+      handleClose={handleAutoRoleChangeModalClose}
+      darkMode={darkMode}
+      isLoading={isLoading}
+      className="edit-role-confirm"
+    >
+      <>
+        {renderUserChangeMessage(autoRoleChangeMessageType)}
+        <p></p>
+        <div className="item-list">
+          {autoRoleChangeModalList.map((item, index) => (
+            <div key={index}>
+              <span className="tj-text-sm">{`${index + 1}. ${item}`}</span>
+            </div>
+          ))}
+        </div>
+      </>
+    </ModalBase>
+  );
+}
+
+export default ChangeRoleModal;
diff --git a/frontend/src/ManageGroupPermissionResourcesV2/constant.js b/frontend/src/ManageGroupPermissionResourcesV2/constant.js
new file mode 100644
index 0000000000..67f43536bf
--- /dev/null
+++ b/frontend/src/ManageGroupPermissionResourcesV2/constant.js
@@ -0,0 +1,70 @@
+import React from 'react';
+
+export const EDIT_ROLE_MESSAGE = {
+  admin: {
+    builder: () => {
+      return (
+        <div>
+          <p className="tj-text-sm" style={{ marginBottom: '10px' }}>
+            Changing your user group from admin to builder will revoke your access to settings.
+          </p>
+          <p className="tj-text-sm">Are you sure you want to continue?</p>
+        </div>
+      );
+    },
+    'end-user': (isPaidPlan) => {
+      return (
+        <div>
+          <p className="tj-text-sm" style={{ marginBottom: '10px' }}>
+            Changing your user group from admin to end-user will revoke your access to settings.
+            {isPaidPlan && 'This will also affect the count of users covered by your plan.'}
+          </p>
+          <p className="tj-text-sm">Are you sure you want to continue?</p>
+        </div>
+      );
+    },
+  },
+  builder: {
+    'end-user': (isPaidPlan) => {
+      return (
+        <div>
+          {isPaidPlan && (
+            <p className="tj-text-sm" style={{ marginBottom: '10px' }}>
+              Changing user default group from builder to end-user will affect the count of users covered by your plan.
+            </p>
+          )}
+          <p className="tj-text-sm">
+            This will also remove the user from any custom groups with builder-like permissions.
+          </p>
+          <p className="tj-text-sm">Are you sure you want to continue?</p>
+        </div>
+      );
+    },
+  },
+  'end-user': {
+    builder: (isPaidPlan) => {
+      return (
+        <div>
+          {isPaidPlan && (
+            <p className="tj-text-sm" style={{ marginBottom: '10px' }}>
+              Changing user default group from end-user to builder will affect the count of users covered by your plan.
+            </p>
+          )}
+          <p className="tj-text-sm">Are you sure you want to continue?</p>
+        </div>
+      );
+    },
+    admin: (isPaidPlan) => {
+      return (
+        <div>
+          {isPaidPlan && (
+            <p className="tj-text-sm" style={{ marginBottom: '10px' }}>
+              Changing user default group from end-user to admin will affect the count of users covered by your plan.
+            </p>
+          )}
+          <p className="tj-text-sm">Are you sure you want to continue?</p>
+        </div>
+      );
+    },
+  },
+};
diff --git a/frontend/src/ManageGroupPermissionResourcesV2/grpPermissionResc.theme.scss b/frontend/src/ManageGroupPermissionResourcesV2/grpPermissionResc.theme.scss
new file mode 100644
index 0000000000..581cc3eced
--- /dev/null
+++ b/frontend/src/ManageGroupPermissionResourcesV2/grpPermissionResc.theme.scss
@@ -0,0 +1,146 @@
+@import '../_styles/colors.scss';
+
+
+.check-label-disable{
+    color: var(--slate10) !important;
+}
+
+.info-container {
+  display: flex;
+  width: auto;
+  height: auto;
+  padding: 10px 12px 8px 12px;
+  border: 1px solid var(--slate5);
+  background: var(--slate2);
+  border-radius: 6px 6px 6px 6px;
+  margin-top: 13px;
+
+
+  .info-btn {
+    padding: 6px 0px 0px 0px;
+    margin-right: 5px;
+    flex: 0 0 24px;
+  }
+
+  .message {
+    margin-left: 5px;
+    display: inline-block;
+    word-wrap: break-word;
+    width: auto;
+    height: auto;
+    font-size: 12px;
+    line-height: 13px;
+    color: var(--slate11);
+    
+    p{
+      padding: 0;
+      margin: 0;
+    }
+
+    .open-git-btn {
+      margin-top: 5px;
+      color: var(--indigo9);
+      font-size: 10px;
+      font-weight: 500;
+      display: inline-block;
+
+      .open-icn {
+        margin-right: 2px;
+      }
+    }
+  }
+}
+
+.search-user-group-btn {
+    width: 20px;
+    margin-left: 2px;
+    margin-right: 7px;
+    height: 20px;
+    padding: 0 0;
+    background: none !important;
+    background-color: none !important;
+    box-shadow: none;
+
+}
+
+
+.searchbox-custom{
+    .tj-common-search-input-user {
+      width: 600px;
+    .input-icon-addon {
+        padding-right: 8px;
+        padding-left: 8px;
+
+    }
+
+    input {
+        box-sizing: border-box;
+        display: flex;
+        flex-direction: row;
+        align-items: center;
+        padding: 4px 8px !important;
+        gap: 16px;
+        width: 600px !important;
+        height: 28px !important;
+        background: var(--base);
+        border: 1px solid var(--slate7);
+        border-radius: 6px;
+        color: var(--slate12);
+        padding-left: 33px !important;
+
+
+        ::placeholder {
+        color: var(--slate9);
+        margin-left: 5px !important;
+        padding-left: 5px !important;
+        background-color: red !important;
+        }
+
+        &:hover {
+        background: var(--slate2);
+        border: 1px solid var(--slate8);
+        }
+
+        &:active {
+        background: var(--indigo2);
+        border: 2px solid var(--indigo11);
+        box-shadow: 0px 0px 0px 2px #C6D4F9;
+        outline: none;
+        }
+
+        &:focus-visible {
+        background: var(--slate2);
+        border: 1px solid var(--slate8);
+        border-radius: 6px;
+        outline: none;
+        padding-left: 12px !important;
+        }
+
+        &:disabled {
+        background: var(--slate3);
+        border: 1px solid var(--slate7);
+        }
+    }
+    }
+
+}
+
+
+.edit-role-confirm {
+  width: 350px;
+
+  .modal-footer {
+    border-top: 1px solid var(--slate6);;
+  }
+
+  .form-label{
+    color: var(--slate11);
+  }
+}
+
+
+.permission-body {
+  .tj-text-xxsm{
+    color: var(--slate11)
+  }
+}
\ No newline at end of file
diff --git a/frontend/src/ManageGroupPermissionResourcesV2/index.jsx b/frontend/src/ManageGroupPermissionResourcesV2/index.jsx
new file mode 100644
index 0000000000..f996216af8
--- /dev/null
+++ b/frontend/src/ManageGroupPermissionResourcesV2/index.jsx
@@ -0,0 +1,998 @@
+import React from 'react';
+import cx from 'classnames';
+import { groupPermissionV2Service, authenticationService } from '@/_services';
+import { toast } from 'react-hot-toast';
+import { Link } from 'react-router-dom';
+import { withTranslation } from 'react-i18next';
+import ErrorBoundary from '@/Editor/ErrorBoundary';
+import { Loader } from '../ManageSSO/Loader';
+import SolidIcon from '@/_ui/Icon/solidIcons/index';
+import BulkIcon from '@/_ui/Icon/bulkIcons/index';
+import { FilterPreview, MultiSelectUser } from '@/_components';
+
+import { ButtonSolid } from '@/_ui/AppButton/AppButton';
+import ModalBase from '@/_ui/Modal';
+import Select from '@/_ui/Select';
+import { ManageGranularAccess } from '@/ManageGranularAccess';
+import './grpPermissionResc.theme.scss';
+import { EDIT_ROLE_MESSAGE } from './constant';
+import { SearchBox } from '@/_components/SearchBox';
+import EditRoleErrorModal from '@/ManageGroupPermissionsV2/ErrorModal/ErrorModal';
+import ChangeRoleModal from '@/ManageGroupPermissionResourcesV2/ChangeRoleModal';
+import { ToolTip } from '@/_components/ToolTip';
+class ManageGroupPermissionResourcesComponent extends React.Component {
+  constructor(props) {
+    super(props);
+
+    this.state = {
+      isLoadingGroup: true,
+      isLoadingApps: true,
+      isAddingApps: false,
+      isLoadingUsers: true,
+      isAddingUsers: false,
+      groupPermission: null,
+      usersInGroup: [],
+      appsInGroup: [],
+      addableApps: [],
+      usersNotInGroup: [],
+      appsNotInGroup: [],
+      selectedAppIds: [],
+      removeAppIds: [],
+      currentTab: 'users',
+      selectedUsers: [],
+      isChangeRoleModalOpen: false,
+      updatingUserRole: null,
+      isAddUsersToRoleModalOpen: false,
+      isRoleGroup: false,
+      selectedNewRole: '',
+      showRoleEditMessage: false,
+      showUserSearchBox: false,
+      errorListItems: [],
+      errorMessage: '',
+      errorTitle: '',
+      showEditRoleErrorModal: false,
+      errorIconName: '',
+      showAutoRoleChangeModal: false,
+      autoRoleChangeModalMessage: '',
+      autoRoleChangeModalList: [],
+      autoRoleChangeMessageType: '',
+      updateParam: {},
+    };
+  }
+
+  componentDidMount() {
+    if (this.props.groupPermissionId) this.fetchGroupAndResources(this.props.groupPermissionId);
+  }
+
+  componentDidUpdate(prevProps) {
+    if (this.props.groupPermissionId && this.props.groupPermissionId !== prevProps.groupPermissionId) {
+      this.fetchGroupAndResources(this.props.groupPermissionId);
+      this.setState({
+        showUserSearchBox: false,
+      });
+    }
+  }
+
+  fetchGroupPermission = (groupPermissionId) => {
+    groupPermissionV2Service.getGroup(groupPermissionId).then(({ group, isBuilderLevel }) => {
+      this.setState((prevState) => {
+        return {
+          isRoleGroup: group.type === 'default',
+          groupPermission: group,
+          currentTab: prevState.currentTab,
+          isLoadingGroup: false,
+          isBuilderLevel: isBuilderLevel,
+        };
+      });
+    });
+  };
+
+  fetchGroupAndResources = (groupPermissionId) => {
+    this.setState({ isLoadingGroup: true });
+    this.fetchGroupPermission(groupPermissionId);
+    this.fetchUsersInGroup(groupPermissionId);
+  };
+
+  userFullName = (user) => {
+    return `${user?.first_name} ${user?.last_name ?? ''}`;
+  };
+
+  searchUsersNotInGroup = async (query, groupPermissionId) => {
+    return new Promise((resolve, reject) => {
+      groupPermissionV2Service
+        .getUsersNotInGroup(query, groupPermissionId)
+        .then((users) => {
+          resolve(
+            users.map((user) => {
+              return {
+                name: `${this.userFullName(user)} (${user.email})`,
+                value: user.id,
+                first_name: user.firstName,
+                last_name: user.lastName,
+                email: user.email,
+                role: user?.userGroups?.group?.name,
+              };
+            })
+          );
+        })
+        .catch(reject);
+    });
+  };
+
+  fetchUsersInGroup = (groupPermissionId, searchString = '') => {
+    groupPermissionV2Service.getUsersInGroup(groupPermissionId, searchString).then((data) => {
+      this.setState({
+        usersInGroup: data,
+        isLoadingUsers: false,
+      });
+    });
+  };
+
+  clearErrorState = () => {
+    this.setState({
+      errorMessage: '',
+      showEditRoleErrorModal: false,
+      errorListItems: [],
+      errorTitle: '',
+      errorIconName: '',
+      selectedUsers: [],
+      isLoadingUsers: false,
+      isAddingUsers: false,
+    });
+  };
+
+  updateGroupPermission = (groupPermissionId, params, allowRoleChange) => {
+    const currentSession = authenticationService.currentSessionValue;
+    groupPermissionV2Service
+      .update(groupPermissionId, { ...params, allowRoleChange })
+      .then(() => {
+        toast.success('Group permissions updated');
+        this.fetchGroupPermission(groupPermissionId);
+      })
+      .catch(({ error }) => {
+        if (error?.type) {
+          this.setState({
+            showAutoRoleChangeModal: true,
+            autoRoleChangeModalMessage: error?.error,
+            autoRoleChangeModalList: error?.data,
+            autoRoleChangeMessageType: error?.type,
+          });
+          return;
+        }
+        this.setState({
+          errorMessage: error?.error,
+          showEditRoleErrorModal: true,
+          errorListItems: error?.data,
+          errorTitle: error?.title ? error?.title : 'Cannot add this permission to the group',
+          errorIconName: 'lock',
+        });
+      });
+  };
+
+  setSelectedUsers = (value) => {
+    this.setState({
+      selectedUsers: value,
+    });
+  };
+
+  setSelectedApps = (value) => {
+    this.setState({
+      selectedAppIds: value,
+    });
+  };
+
+  addSelectedUsersToGroup = (groupPermissionId, selectedUsers, allowRoleChange) => {
+    this.setState({ isAddingUsers: true });
+    const body = {
+      userIds: selectedUsers.map((user) => user.value),
+      groupId: groupPermissionId,
+      allowRoleChange,
+    };
+    groupPermissionV2Service
+      .addUsersInGroups(body)
+      .then(() => {
+        this.setState({
+          selectedUsers: [],
+          isLoadingUsers: true,
+          isAddingUsers: false,
+        });
+        toast.success('Users added to the group');
+        this.fetchUsersInGroup(groupPermissionId);
+      })
+      .catch(({ error }) => {
+        if (error?.type) {
+          this.setState({
+            isLoadingUsers: false,
+            showAutoRoleChangeModal: true,
+            autoRoleChangeModalMessage: error?.error,
+            autoRoleChangeModalList: error?.data,
+            autoRoleChangeMessageType: error?.type,
+          });
+          return;
+        }
+        this.setState({
+          showEditRoleErrorModal: true,
+          errorTitle: error?.title,
+          errorMessage: error?.error,
+          errorIconName: 'usergear',
+          isAddingUsers: false,
+        });
+      });
+  };
+
+  removeUserFromGroup = (groupUserId) => {
+    const { groupPermission } = this.state;
+    groupPermissionV2Service
+      .deleteUserFromGroup(groupUserId)
+      .then(() => {
+        this.setState({ removeUserIds: [], isLoadingUsers: true });
+        this.fetchUsersInGroup(groupPermission.id);
+      })
+      .then(() => {
+        toast.success('User removed from the group');
+      })
+      .catch(({ error }) => {
+        toast.error(error);
+      });
+  };
+
+  showPermissionText = () => {
+    const { groupPermission } = this.state;
+    const text =
+      groupPermission.name === 'admin'
+        ? 'Admin has edit access to all apps. These are not editable'
+        : 'End-user can only have permission to view apps';
+    return (
+      <div className="manage-group-users-info">
+        <p
+          className="tj-text-xsm"
+          style={{ display: 'flex', alignItems: 'center', gap: '4px' }}
+          data-cy="helper-text-admin-app-access"
+        >
+          <SolidIcon name="informationcircle" fill="#3E63DD" /> {text}
+          <a
+            style={{ margin: '0', padding: '0', textDecoration: 'underline', color: '#3E63DD' }}
+            href="https://docs.tooljet.com/docs/tutorial/manage-users-groups/"
+          >
+            read documentation
+          </a>{' '}
+          to know more
+        </p>
+      </div>
+    );
+  };
+
+  removeSelection = (selected, value) => {
+    const updatedData = selected.filter((d) => d.value !== value);
+    this.setSelectedUsers([...updatedData]);
+  };
+
+  setErrorState = (state = {}) => {
+    this.setState({
+      ...state,
+    });
+  };
+
+  updateUserRole = () => {
+    const { updatingUserRole, groupPermission, selectedNewRole } = this.state;
+    const currentSession = authenticationService.currentSessionValue;
+    const currentUser = currentSession?.current_user;
+    this.setState({
+      isLoadingUsers: true,
+    });
+    const body = {
+      newRole: selectedNewRole,
+      userId: updatingUserRole.id,
+    };
+    groupPermissionV2Service
+      .updateUserRole(body)
+      .then(() => {
+        this.fetchUsersInGroup(groupPermission.id);
+        toast.success('Role updated successfully');
+        if (groupPermission?.name === 'admin') window.location.reload();
+        if (currentUser.id === updatingUserRole.id) window.location.reload(true);
+      })
+      .catch(({ error }) => {
+        this.setState({
+          showEditRoleErrorModal: true,
+          errorTitle: error?.title ? error?.title : 'Cannot remove last admin',
+          errorMessage: error.error,
+          errorIconName: 'usergear',
+          errorListItems: error.data,
+        });
+      })
+      .finally(() => {
+        this.closeChangeRoleModal();
+      });
+  };
+  closeChangeRoleModal = () =>
+    this.setState({
+      isChangeRoleModalOpen: false,
+      showRoleEditMessage: false,
+      updatingUserRole: null,
+      selectedNewRole: null,
+      isLoadingUsers: false,
+    });
+
+  changeThisComponentState = (state = {}) => {
+    this.setState(state);
+  };
+
+  generateSelection = (selected) => {
+    return selected?.map((d) => {
+      return (
+        <div className="selected-item tj-ms tj-ms-usergroup" key={d.value}>
+          <FilterPreview text={`${d?.email}`} onClose={() => this.removeSelection(selected, d.value)} />
+        </div>
+      );
+    });
+  };
+
+  openChangeRoleModal = (updatingUser) =>
+    this.setState({ isChangeRoleModalOpen: true, updatingUserRole: updatingUser });
+
+  showChangeRoleModalMessage = () => {
+    console.log('called');
+    this.setState({ showRoleEditMessage: true });
+  };
+
+  handleUserSearchInGroup = (e) => {
+    this.fetchUsersInGroup(this.props.groupPermissionId, e?.target?.value);
+  };
+
+  toggleUserTabSearchBox = () => {
+    this.fetchUsersInGroup(this.props.groupPermissionId);
+    this.setState((prevState) => ({
+      showUserSearchBox: !prevState.showUserSearchBox,
+    }));
+  };
+
+  toggleAutoRoleChangeModal = () => {
+    this.setState((prevState) => ({
+      showAutoRoleChangeModal: !prevState.showAutoRoleChangeModal,
+    }));
+  };
+  handleAutoRoleChangeModalClose = () => {
+    this.setState({
+      showAutoRoleChangeModal: false,
+      autoRoleChangeModalMessage: '',
+      autoRoleChangeModalList: [],
+      autoRoleChangeMessageType: '',
+      updateParam: {},
+      isLoadingGroup: false,
+      isLoadingUsers: false,
+      isAddingUsers: false,
+    });
+  };
+
+  renderUserChangeMessage = (type) => {
+    const changePermissionMessage = (
+      <p className="tj-text-sm">
+        Granting this permission to the user group will result in a role change for the following user(s) from{' '}
+        <b>end-users</b> to <b>builders</b>. Are you sure you want to continue?
+      </p>
+    );
+    const addUserMessage = (
+      <p className="tj-text-sm">
+        Adding the following user(s) to this group will change their default group from <b>end-users</b> to{' '}
+        <b>builders</b>. Are you sure you want to continue?
+      </p>
+    );
+    const message = type === 'USER_ROLE_CHANGE_ADD_USERS' ? addUserMessage : changePermissionMessage;
+    return message;
+  };
+
+  toggleAddUsersToRoleModal = () => this.setState({ isAddUsersToRoleModalOpen: !this.state.isAddUsersToRoleModalOpen });
+
+  handleConfirmAutoRoleChangeGroupUpdate = () => {
+    const { updateParam, groupPermission } = this.state;
+    this.updateGroupPermission(groupPermission.id, updateParam, true);
+    this.setState({
+      updateParam: {},
+    });
+    this.handleAutoRoleChangeModalClose();
+  };
+
+  handleConfirmAutoRoleChangeAddUser = () => {
+    const { groupPermission, selectedUsers } = this.state;
+    this.addSelectedUsersToGroup(groupPermission?.id, selectedUsers, true);
+    this.handleAutoRoleChangeModalClose();
+  };
+
+  render() {
+    if (!this.props.groupPermissionId) return null;
+
+    const {
+      isLoadingGroup,
+      isLoadingUsers,
+      isAddingUsers,
+      appsNotInGroup,
+      usersInGroup,
+      groupPermission,
+      currentTab,
+      selectedUsers,
+      isChangeRoleModalOpen,
+      isAddUsersToRoleModalOpen,
+      updatingUserRole,
+      isRoleGroup,
+      selectedNewRole,
+      showRoleEditMessage,
+      showUserSearchBox,
+      errorListItems,
+      errorMessage,
+      errorTitle,
+      showEditRoleErrorModal,
+      errorIconName,
+      showAutoRoleChangeModal,
+      autoRoleChangeModalMessage,
+      autoRoleChangeModalList,
+      autoRoleChangeMessageType,
+    } = this.state;
+
+    const isBasicPlan = false;
+    const isPaidPlan = false;
+
+    const searchSelectClass = this.props.darkMode ? 'select-search-dark' : 'select-search';
+    const showPermissionInfo =
+      isRoleGroup && (groupPermission?.name === 'admin' || groupPermission?.name === 'end-user');
+    const disablePermissionUpdate =
+      isBasicPlan || groupPermission?.name === 'admin' || groupPermission?.name === 'end-user';
+
+    return (
+      <ErrorBoundary showFallback={false}>
+        <EditRoleErrorModal
+          darkMode={this.props.darkMode}
+          show={showEditRoleErrorModal}
+          errorMessage={errorMessage}
+          errorTitle={errorTitle}
+          listItems={errorListItems}
+          iconName={errorIconName}
+          onClose={this.clearErrorState}
+        />
+        <ModalBase
+          title={
+            <div className="my-3" data-cy="modal-title">
+              <span className="tj-text-md font-weight-500">Edit user role</span>
+              <div className="tj-text-sm text-muted" data-cy="user-email">
+                {updatingUserRole?.email}
+              </div>
+            </div>
+          }
+          handleConfirm={
+            EDIT_ROLE_MESSAGE?.[groupPermission?.name]?.[selectedNewRole] && !showRoleEditMessage
+              ? this.showChangeRoleModalMessage
+              : this.updateUserRole
+          }
+          show={isChangeRoleModalOpen}
+          isLoading={isLoadingUsers}
+          handleClose={this.closeChangeRoleModal}
+          confirmBtnProps={{ title: 'Continue', disabled: !selectedNewRole }}
+          darkMode={this.props.darkMode}
+          className="edit-role-confirm"
+        >
+          {selectedNewRole && showRoleEditMessage ? (
+            <div>{EDIT_ROLE_MESSAGE?.[groupPermission?.name]?.[selectedNewRole](isPaidPlan)}</div>
+          ) : (
+            <div>
+              <label className="form-label">User role</label>
+              <Select
+                options={this.props.roleOptions.filter((group) => group.value !== groupPermission?.name)}
+                value={selectedNewRole}
+                width={'100%'}
+                useMenuPortal={false}
+                onChange={(selectedOption) => {
+                  this.setState({
+                    selectedNewRole: selectedOption,
+                  });
+                }}
+                placeholder="Select new role of user"
+              />
+              <div className="info-container">
+                <div className="col-md-1 info-btn">
+                  <SolidIcon name="informationcircle" fill="#3E63DD" />
+                </div>
+                <div className="col-md-11">
+                  <div className="message" data-cy="warning-text">
+                    <p style={{ lineHeight: '18px' }}>
+                      Users must be always be part of one default group. This will define the user count in your plan.
+                    </p>
+                  </div>
+                </div>
+              </div>
+            </div>
+          )}
+        </ModalBase>
+        <ChangeRoleModal
+          showAutoRoleChangeModal={showAutoRoleChangeModal}
+          autoRoleChangeModalList={autoRoleChangeModalList}
+          autoRoleChangeMessageType={autoRoleChangeMessageType}
+          handleAutoRoleChangeModalClose={this.handleAutoRoleChangeModalClose}
+          handleConfirmation={
+            autoRoleChangeMessageType === 'USER_ROLE_CHANGE_ADD_USERS'
+              ? this.handleConfirmAutoRoleChangeAddUser
+              : this.handleConfirmAutoRoleChangeGroupUpdate
+          }
+          darkMode={this.props.darkMode}
+          isLoading={isLoadingGroup || isLoadingUsers}
+        />
+        <div className="org-users-page animation-fade">
+          {isLoadingGroup || isLoadingUsers ? (
+            <Loader />
+          ) : (
+            <div>
+              <div className="justify-content-between d-flex groups-main-header-wrap">
+                <p
+                  className="font-weight-500 tj-text-md"
+                  // data-cy={`${this.props.selectedGroup.toLowerCase().replace(/\s+/g, '-')}-title`}
+                >
+                  {`${this.props.selectedGroup} (${usersInGroup.length})`}
+                </p>
+                {groupPermission.type === 'default' && (
+                  <ToolTip message={'Every user must be part of one default group'}>
+                    <div className="default-group-wrap">
+                      <SolidIcon name="information" fill="#46A758" width="15" />
+                      <p className="font-weight-500 tj-text-sm" data-cy="text-default-group">
+                        Default group
+                      </p>
+                    </div>
+                  </ToolTip>
+                )}
+                {groupPermission.type === 'custom' && (
+                  <div className="user-group-actions">
+                    <Link
+                      onClick={() => this.props.updateGroupName(groupPermission)}
+                      data-cy={`${String(groupPermission.group)
+                        .toLowerCase()
+                        .replace(/\s+/g, '-')}-group-name-update-link`}
+                      className="tj-text-xsm font-weight-500 edit-group"
+                    >
+                      <SolidIcon name="editrectangle" width="14" />
+                      Rename
+                    </Link>
+                  </div>
+                )}
+              </div>
+
+              <nav className="nav nav-tabs groups-sub-header-wrap">
+                <a
+                  onClick={() => this.setState({ currentTab: 'users', showUserSearchBox: false })}
+                  className={cx('nav-item nav-link', { active: currentTab === 'users' })}
+                  data-cy="users-link"
+                >
+                  <SolidIcon
+                    name="usergroup"
+                    fill={currentTab === 'users' ? '#3E63DD' : '#C1C8CD'}
+                    className="manage-group-tab-icons"
+                    width="16"
+                  ></SolidIcon>
+
+                  {this.props.t('header.organization.menus.manageGroups.permissionResources.users', 'Users')}
+                </a>
+
+                <a
+                  onClick={() => this.setState({ currentTab: 'permissions', showUserSearchBox: false })}
+                  className={cx('nav-item nav-link', { active: currentTab === 'permissions' })}
+                  data-cy="permissions-link"
+                >
+                  <SolidIcon
+                    className="manage-group-tab-icons"
+                    fill={currentTab === 'permissions' ? '#3E63DD' : '#C1C8CD'}
+                    name="lock"
+                    width="16"
+                  ></SolidIcon>
+
+                  {this.props.t(
+                    'header.organization.menus.manageGroups.permissionResources.permissions',
+                    'Permissions'
+                  )}
+                </a>
+                <a
+                  onClick={() => this.setState({ currentTab: 'granularAccess', showUserSearchBox: false })}
+                  className={cx('nav-item nav-link', { active: currentTab === 'granularAccess' })}
+                  data-cy="granular-access-link"
+                >
+                  <SolidIcon
+                    className="manage-group-tab-icons"
+                    fill={currentTab === 'granularAccess' ? '#3E63DD' : '#C1C8CD'}
+                    name="granularaccess"
+                    width="16"
+                  ></SolidIcon>
+                  Granular access
+                </a>
+              </nav>
+
+              <div className="manage-groups-body">
+                <div className="tab-content">
+                  {/* Users Tab */}
+                  <div className={`tab-pane ${currentTab === 'users' ? 'active show' : ''}`}>
+                    {!isRoleGroup && (
+                      <div className="row">
+                        <div className="col" data-cy="multi-select-search">
+                          <MultiSelectUser
+                            className={{
+                              container: searchSelectClass,
+                              value: `${searchSelectClass}__value`,
+                              input: `${searchSelectClass}__input`,
+                              select: `${searchSelectClass}__select`,
+                              options: `${searchSelectClass}__options`,
+                              row: `${searchSelectClass}__row`,
+                              option: `${searchSelectClass}__option`,
+                              group: `${searchSelectClass}__group`,
+                              'group-header': `${searchSelectClass}__group-header`,
+                              'is-selected': 'is-selected',
+                              'is-highlighted': 'is-highlighted',
+                              'is-loading': 'is-loading',
+                              'is-multiple': 'is-multiple',
+                              'has-focus': 'has-focus',
+                              'not-found': `${searchSelectClass}__not-found`,
+                            }}
+                            onSelect={this.setSelectedUsers}
+                            onSearch={(query) => this.searchUsersNotInGroup(query, groupPermission.id)}
+                            selectedValues={selectedUsers}
+                            onReset={() => this.setSelectedUsers([])}
+                            placeholder="Select users to add to the group"
+                            searchLabel="Enter name or email"
+                          />
+                        </div>
+                        <div className="col-auto">
+                          <ButtonSolid
+                            onClick={() => this.addSelectedUsersToGroup(groupPermission?.id, selectedUsers)}
+                            disabled={selectedUsers.length === 0}
+                            leftIcon="plus"
+                            fill={selectedUsers.length !== 0 ? '#ffffff' : this.props.darkMode ? '#131620' : '#C1C8CD'}
+                            iconWidth="16"
+                            className="add-users-button"
+                            isLoading={isAddingUsers}
+                            data-cy={`${String(groupPermission.group)
+                              .toLowerCase()
+                              .replace(/\s+/g, '-')}-group-add-button`}
+                          >
+                            Add users
+                          </ButtonSolid>
+                        </div>
+                        {selectedUsers.length > 0 && (
+                          <div className="row mt-2">
+                            <div className="selected-section">
+                              <div className="selected-text">Selected Users 123:</div>
+                              {this.generateSelection(selectedUsers)}
+                            </div>
+                          </div>
+                        )}
+                      </div>
+                    )}
+                    <br />
+                    <div>
+                      {showUserSearchBox ? (
+                        <div className="searchbox-custom">
+                          <SearchBox
+                            dataCy={`query-manager`}
+                            width="600px !important"
+                            callBack={this.handleUserSearchInGroup}
+                            placeholder={'Search'}
+                            customClass="tj-common-search-input-user"
+                            onClearCallback={this.toggleUserTabSearchBox}
+                            autoFocus={true}
+                          />
+                        </div>
+                      ) : (
+                        <div className="manage-group-table-head">
+                          <ButtonSolid
+                            onClick={(e) => {
+                              e.preventDefault();
+                              this.toggleUserTabSearchBox();
+                            }}
+                            size="xsm"
+                            rightIcon="search"
+                            iconWidth="15"
+                            fill="#889096"
+                            className="search-user-group-btn"
+                          />
+                          <p className="tj-text-xsm" data-cy="name-header">
+                            User name
+                          </p>
+                          <p className="tj-text-xsm" data-cy="email-header">
+                            Email id
+                          </p>
+                          <p className="tj-text-xsm"></p> {/* DO NOT REMOVE FOR TABLE ALIGNMENT  */}
+                        </div>
+                      )}
+
+                      <section className="group-users-list-container">
+                        {isLoadingGroup || isLoadingUsers ? (
+                          <tr>
+                            <td className="col-auto">
+                              <div className="row">
+                                <div className="skeleton-line w-10 col mx-3"></div>
+                              </div>
+                            </td>
+                            <td className="col-auto">
+                              <div className="skeleton-line w-10"></div>
+                            </td>
+                            <td className="col-auto">
+                              <div className="skeleton-line w-10"></div>
+                            </td>
+                          </tr>
+                        ) : usersInGroup.length > 0 || showUserSearchBox ? (
+                          usersInGroup.map((item) => {
+                            const user = item.user;
+                            const groupUserId = item.id;
+                            return (
+                              <div
+                                key={user.id}
+                                className="manage-group-users-row"
+                                data-cy={`${String(user.email).toLowerCase().replace(/\s+/g, '-')}-user-row`}
+                              >
+                                <p className="tj-text-sm d-flex align-items-center">
+                                  <div className="name-avatar">
+                                    {`${user?.firstName?.[0] ?? ''} ${user?.lastName?.[0] ?? ''}`}
+                                  </div>
+                                  <span>{`${user?.firstName ?? ''} ${user?.lastName ?? ''}`}</span>
+                                </p>
+                                <p className="tj-text-sm d-flex align-items-center" style={{ paddingLeft: '12px' }}>
+                                  <span> {user.email}</span>
+                                </p>
+                                <p className="tj-text-sm d-flex align-items-center">
+                                  <div className="d-flex align-items-center edit-role-btn">
+                                    {!isRoleGroup && (
+                                      <Link to="#" className="remove-decoration">
+                                        <ButtonSolid
+                                          variant="dangerSecondary"
+                                          className="apps-remove-btn remove-decoration tj-text-xsm font-weight-600"
+                                          onClick={() => {
+                                            this.removeUserFromGroup(groupUserId);
+                                          }}
+                                          leftIcon="remove"
+                                          fill="#F3B0A2"
+                                          iconWidth="18"
+                                        >
+                                          {this.props.t('globals.remove', 'Remove')}
+                                        </ButtonSolid>
+                                      </Link>
+                                    )}
+                                  </div>
+                                  {isRoleGroup && (
+                                    <div className="edit-role-btn">
+                                      <ButtonSolid
+                                        variant="tertiary"
+                                        iconWidth="17"
+                                        fill="var(--slate9)"
+                                        className="apps-remove-btn remove-decoration tj-text-xsm font-weight-600"
+                                        leftIcon="editable"
+                                        onClick={() => {
+                                          this.openChangeRoleModal(user);
+                                        }}
+                                      >
+                                        Edit role
+                                      </ButtonSolid>
+                                    </div>
+                                  )}
+                                </p>
+                              </div>
+                            );
+                          })
+                        ) : (
+                          <div className="manage-groups-no-apps-wrap">
+                            <div className="manage-groups-no-apps-icon">
+                              <BulkIcon name="users" fill="#3E63DD" width="48" />
+                            </div>
+                            <p className="tj-text-md font-weight-500" data-cy="helper-text-no-apps-added">
+                              No users added yet
+                            </p>
+                            <span className="tj-text-sm text-center" data-cy="helper-text-user-groups-permissions">
+                              Add users to this group to configure
+                              <br /> permissions for them!
+                            </span>
+                          </div>
+                        )}
+                      </section>
+                    </div>
+                  </div>
+
+                  {/* Permissions Tab */}
+
+                  <aside className={`tab-pane ${currentTab === 'permissions' ? 'active show' : ''}`}>
+                    <div>
+                      <div>
+                        <div>
+                          {showPermissionInfo && this.showPermissionText()}
+                          <div className="manage-group-permision-header">
+                            <p data-cy="resource-header" className="tj-text-xsm">
+                              {this.props.t(
+                                'header.organization.menus.manageGroups.permissionResources.resource',
+                                'Resource'
+                              )}
+                            </p>
+                            <p data-cy="permissions-header" className="tj-text-xsm">
+                              {this.props.t(
+                                'header.organization.menus.manageGroups.permissionResources.permissions',
+                                'Permissions'
+                              )}
+                            </p>
+                          </div>
+                          <div className="permission-body">
+                            {isLoadingGroup ? (
+                              <tr>
+                                <td className="col-auto">
+                                  <div className="row">
+                                    <div className="skeleton-line w-10 col mx-3"></div>
+                                  </div>
+                                </td>
+                                <td className="col-auto">
+                                  <div className="skeleton-line w-10"></div>
+                                </td>
+                                <td className="col-auto">
+                                  <div className="skeleton-line w-10"></div>
+                                </td>
+                              </tr>
+                            ) : (
+                              <>
+                                <div className="manage-groups-permission-apps">
+                                  <div data-cy="resource-apps">
+                                    {this.props.t(
+                                      'header.organization.menus.manageGroups.permissionResources.apps',
+                                      'Apps'
+                                    )}
+                                  </div>
+                                  <div className="text-muted">
+                                    <div className="d-flex apps-permission-wrap flex-column">
+                                      <label className="form-check form-check-inline">
+                                        <input
+                                          className="form-check-input"
+                                          type="checkbox"
+                                          onChange={() => {
+                                            this.updateGroupPermission(groupPermission.id, {
+                                              appCreate: !groupPermission.appCreate,
+                                            });
+                                            this.setState({
+                                              updateParam: { appCreate: !groupPermission.appCreate },
+                                            });
+                                          }}
+                                          checked={groupPermission.appCreate}
+                                          disabled={disablePermissionUpdate}
+                                          data-cy="app-create-checkbox"
+                                        />
+                                        <span className="form-check-label" data-cy="app-create-label">
+                                          {this.props.t('globals.create', 'Create')}
+                                        </span>
+                                        <span
+                                          class={`tj-text-xxsm ${disablePermissionUpdate && 'check-label-disable'}`}
+                                        >
+                                          Create apps in this workspace
+                                        </span>
+                                      </label>
+                                      <label className="form-check form-check-inline">
+                                        <input
+                                          className="form-check-input"
+                                          type="checkbox"
+                                          onChange={() => {
+                                            this.updateGroupPermission(groupPermission.id, {
+                                              appDelete: !groupPermission.appDelete,
+                                            });
+                                            this.setState({
+                                              updateParam: { appDelete: !groupPermission.appDelete },
+                                            });
+                                          }}
+                                          checked={groupPermission.appDelete}
+                                          disabled={disablePermissionUpdate}
+                                          data-cy="app-delete-checkbox"
+                                        />
+                                        <span className="form-check-label" data-cy="app-delete-label">
+                                          {this.props.t('globals.delete', 'Delete')}
+                                        </span>
+                                        <span
+                                          class={`tj-text-xxsm ${disablePermissionUpdate && 'check-label-disable'}`}
+                                        >
+                                          Delete any app in this workspace
+                                        </span>
+                                      </label>
+                                    </div>
+                                  </div>
+                                </div>
+
+                                <div className="apps-folder-permission-wrap">
+                                  <div data-cy="resource-folders">
+                                    {this.props.t(
+                                      'header.organization.menus.manageGroups.permissionResources.folder',
+                                      'Folder'
+                                    )}
+                                  </div>
+                                  <div className="text-muted">
+                                    <div>
+                                      <label className="form-check form-check-inline">
+                                        <input
+                                          className="form-check-input"
+                                          type="checkbox"
+                                          onChange={() => {
+                                            this.updateGroupPermission(groupPermission.id, {
+                                              folderCRUD: !groupPermission.folderCRUD,
+                                            });
+                                            this.setState({
+                                              updateParam: { folderCRUD: !groupPermission.folderCRUD },
+                                            });
+                                          }}
+                                          checked={groupPermission.folderCRUD}
+                                          disabled={disablePermissionUpdate}
+                                          data-cy="folder-create-checkbox"
+                                        />
+                                        <span className="form-check-label" data-cy="folder-create-label">
+                                          {this.props.t(
+                                            'header.organization.menus.manageGroups.permissionResources.createUpdateDelete',
+                                            'Create/Update/Delete'
+                                          )}
+                                        </span>
+                                        <span
+                                          class={`tj-text-xxsm ${disablePermissionUpdate && 'check-label-disable'}`}
+                                        >
+                                          All operations on folders
+                                        </span>
+                                      </label>
+                                    </div>
+                                  </div>
+                                </div>
+                                <div className="apps-variable-permission-wrap">
+                                  <div data-cy="resource-workspace-variable">
+                                    {this.props.t('globals.environmentVar', 'Workspace constant/variable')}
+                                  </div>
+                                  <div className="text-muted">
+                                    <div>
+                                      <label className="form-check form-check-inline">
+                                        <input
+                                          className="form-check-input"
+                                          type="checkbox"
+                                          onChange={() => {
+                                            this.updateGroupPermission(groupPermission.id, {
+                                              orgConstantCRUD: !groupPermission.orgConstantCRUD,
+                                            });
+                                            this.setState({
+                                              updateParam: { orgConstantCRUD: !groupPermission.orgConstantCRUD },
+                                            });
+                                          }}
+                                          checked={groupPermission.orgConstantCRUD}
+                                          disabled={disablePermissionUpdate}
+                                          data-cy="env-variable-checkbox"
+                                        />
+                                        <span className="form-check-label" data-cy="workspace-variable-create-label">
+                                          {this.props.t(
+                                            'header.organization.menus.manageGroups.permissionResources.createUpdateDelete',
+                                            'Create/Update/Delete'
+                                          )}
+                                        </span>
+                                        <span
+                                          class={`tj-text-xxsm ${disablePermissionUpdate && 'check-label-disable'}`}
+                                        >
+                                          All operations on workspace constants
+                                        </span>
+                                      </label>
+                                    </div>
+                                  </div>
+                                </div>
+                              </>
+                            )}
+                          </div>
+                        </div>
+                      </div>
+                    </div>
+                  </aside>
+
+                  {/* Granular Access */}
+                  <aside className={`tab-pane ${currentTab === 'granularAccess' ? 'active show' : ''}`}>
+                    <ManageGranularAccess
+                      groupPermissionId={groupPermission.id}
+                      groupPermission={groupPermission}
+                      setErrorState={this.setErrorState}
+                      updateParentState={this.changeThisComponentState}
+                      fetchGroup={this.fetchGroupPermission}
+                      darkMode={this.props.darkMode}
+                    />
+                  </aside>
+                </div>
+              </div>
+            </div>
+          )}
+        </div>
+      </ErrorBoundary>
+    );
+  }
+}
+
+export const ManageGroupPermissionResourcesV2 = withTranslation()(ManageGroupPermissionResourcesComponent);
diff --git a/frontend/src/ManageGroupPermissions/ManageGroupPermissions.jsx b/frontend/src/ManageGroupPermissions/ManageGroupPermissions.jsx
index a7fb9ca550..3bed6a747c 100644
--- a/frontend/src/ManageGroupPermissions/ManageGroupPermissions.jsx
+++ b/frontend/src/ManageGroupPermissions/ManageGroupPermissions.jsx
@@ -455,7 +455,7 @@ class ManageGroupPermissionsComponent extends React.Component {
               title={
                 showGroupNameUpdateForm
                   ? this.props.t('header.organization.menus.manageGroups.permissions.updateGroup', 'Update group')
-                  : this.props.t('header.organization.menus.manageGroups.permissions.addNewGroup', 'Add new group')
+                  : this.props.t('header.organization.menus.manageGroups.permissions.addNewGroup', 'Create new group')
               }
             >
               <form
diff --git a/frontend/src/ManageGroupPermissionsV2/ErrorModal/ErrorModal.jsx b/frontend/src/ManageGroupPermissionsV2/ErrorModal/ErrorModal.jsx
new file mode 100644
index 0000000000..7571cf8c28
--- /dev/null
+++ b/frontend/src/ManageGroupPermissionsV2/ErrorModal/ErrorModal.jsx
@@ -0,0 +1,55 @@
+import React from 'react';
+import { Modal } from 'react-bootstrap';
+import { useTranslation } from 'react-i18next';
+import SolidIcon from '@/_ui/Icon/SolidIcons';
+import { ButtonSolid } from '@/_ui/AppButton/AppButton';
+import '../groupPermissions.theme.scss';
+
+function EditRoleErrorModal({
+  darkMode,
+  errorTitle = '',
+  listItems = [],
+  errorMessage = '',
+  show = false,
+  iconName = '',
+  onClose,
+}) {
+  const { t } = useTranslation();
+
+  return (
+    <Modal
+      className={`edit-role-modal ${darkMode ? 'dark-mode' : ''}`}
+      aria-labelledby="contained-modal-title-vcenter"
+      centered
+      show={show}
+    >
+      <Modal.Header>
+        <div className="remove-icon-container">
+          <ButtonSolid
+            className="close-btn"
+            leftIcon="remove"
+            onClick={() => onClose()}
+            data-cy="close-button"
+            iconWidth="20"
+          />
+        </div>
+        <div className="icon-class">
+          <SolidIcon name={iconName} width="32" fill="#E54D2E" />
+        </div>
+        <span className="header-text">{errorTitle}</span>
+        <p>{errorMessage}</p>
+      </Modal.Header>
+      <Modal.Body>
+        <div className="item-list">
+          {listItems.map((item, index) => (
+            <div key={index}>
+              <span className="tj-text-sm">{`${index + 1}. ${item}`}</span>
+            </div>
+          ))}
+        </div>
+      </Modal.Body>
+    </Modal>
+  );
+}
+
+export default EditRoleErrorModal;
diff --git a/frontend/src/ManageGroupPermissionsV2/ManageGroupPermissionsV2.jsx b/frontend/src/ManageGroupPermissionsV2/ManageGroupPermissionsV2.jsx
new file mode 100644
index 0000000000..170e2f8602
--- /dev/null
+++ b/frontend/src/ManageGroupPermissionsV2/ManageGroupPermissionsV2.jsx
@@ -0,0 +1,788 @@
+import React from 'react';
+import { groupPermissionV2Service } from '@/_services';
+import { Tooltip } from 'react-tooltip';
+import { ConfirmDialog } from '@/_components';
+import { toast } from 'react-hot-toast';
+import { withTranslation } from 'react-i18next';
+import ErrorBoundary from '@/Editor/ErrorBoundary';
+import Modal from '../HomePage/Modal';
+import { ButtonSolid } from '@/_ui/AppButton/AppButton';
+import FolderList from '@/_ui/FolderList/FolderList';
+import { Loader } from '../ManageSSO/Loader';
+import Popover from 'react-bootstrap/Popover';
+import SolidIcon from '@/_ui/Icon/solidIcons/index';
+import ModalBase from '@/_ui/Modal';
+import OverflowTooltip from '@/_components/OverflowTooltip';
+import { ManageGroupPermissionResourcesV2 } from '@/ManageGroupPermissionResourcesV2';
+import './groupPermissions.theme.scss';
+import { SearchBox } from '@/_components/SearchBox';
+class ManageGroupPermissionsComponent extends React.Component {
+  constructor(props) {
+    super(props);
+
+    this.state = {
+      isLoading: true,
+      groups: [],
+      defaultGroups: [],
+      creatingGroup: false,
+      showNewGroupForm: false,
+      newGroupName: '',
+      isDeletingGroup: false,
+      isUpdatingGroupName: false,
+      showGroupDeletionConfirmation: false,
+      showGroupNameUpdateForm: false,
+      groupToBeUpdated: null,
+      isSaveBtnDisabled: false,
+      selectedGroupPermissionId: null,
+      selectedGroup: 'Admin',
+      isDuplicatingGroup: false,
+      selectedGroupObject: null,
+      groupDuplicateOption: { addPermission: true, addApps: true, addUsers: true },
+      showDuplicateGroupModal: false,
+      groupToDuplicate: '',
+      showGroupSearchBar: false,
+      filteredGroup: [],
+      groupNameMessage: 'Group name must be unique and max 50 characters',
+    };
+  }
+
+  componentDidMount() {
+    this.fetchGroups();
+  }
+
+  findCurrentGroupDetails = (data) => {
+    let currentUpdatedGroup = data.find((item) => {
+      return item.name == this.state.newGroupName;
+    });
+    this.setState({ selectedGroup: currentUpdatedGroup.name });
+    return currentUpdatedGroup.id;
+  };
+
+  duplicateGroup = () => {
+    const { groupDuplicateOption, groupToDuplicate } = this.state;
+    this.setState({ isDuplicatingGroup: true, creatingGroup: true });
+    groupPermissionV2Service
+      .duplicate(groupToDuplicate, groupDuplicateOption)
+      .then((data) => {
+        this.setState({
+          newGroupName: data?.name,
+        });
+
+        this.fetchGroups('current', () => {
+          this.setState({
+            newGroupName: '',
+            creatingGroup: false,
+            selectedGroupPermissionId: data?.id,
+            selectedGroup: data?.name,
+            isDuplicatingGroup: false,
+            showDuplicateGroupModal: false,
+            groupDuplicateOption: { addPermission: true, addApps: true, addUsers: true },
+          });
+        });
+
+        toast.success('Group duplicated successfully!');
+      })
+      .catch((err) => {
+        this.setState({
+          isDuplicatingGroup: false,
+          groupDuplicateOption: { addPermission: true, addApps: true, addUsers: true },
+        });
+        console.error('Error occured in duplicating: ', err);
+        toast.error('Could not duplicate group.\nPlease try again!');
+      });
+  };
+
+  toggleShowDuplicateModal = () => {
+    this.setState((prevState) => ({
+      showDuplicateGroupModal: !prevState.showDuplicateGroupModal,
+      groupToDuplicate: '',
+      groupDuplicateOption: { addPermission: true, addApps: true, addUsers: true },
+    }));
+  };
+
+  renderPopoverContent = (props, compoParam) => {
+    const { groupName, id } = compoParam;
+    const deleteGroup = () => {
+      this.deleteGroup(id);
+    };
+
+    const duplicateGroup = () => {
+      this.showDuplicateDiologBox(id);
+    };
+
+    const isDefaultGroup = groupName == 'end-user' || groupName == 'admin' || groupName == 'builder';
+
+    return (
+      <div
+        {...props}
+        style={{
+          position: 'absolute',
+          ...props.style,
+        }}
+      >
+        <Popover
+          id="popover-group-menu"
+          className={this.props.darkMode ? 'popover-group-menu dark-theme' : 'popover-group-menu'}
+          placement="bottom"
+        >
+          <Popover.Body bsPrefix="popover-body">
+            <div>
+              <Field
+                customClass={this.props.darkMode ? 'dark-theme' : ''}
+                leftIcon="copy"
+                leftIconWidth="20"
+                leftViewBox="0  0 20 20"
+                text={'Duplicate group'}
+                onClick={duplicateGroup}
+              />
+              <Field
+                customClass={this.props.darkMode ? 'dark-theme' : ''}
+                leftIcon="delete"
+                leftIconWidth="18"
+                leftIconHeight="18"
+                leftViewBox="0  0 20 20"
+                text={'Delete group'}
+                tooltipId="tooltip-for-delete"
+                tooltipContent="Cannot delete default group"
+                onClick={isDefaultGroup ? {} : deleteGroup}
+                buttonDisable={isDefaultGroup}
+                darkMode={this.props.darkMode}
+              />
+            </div>
+          </Popover.Body>
+        </Popover>
+        {(groupName == 'all_users' || groupName == 'admin' || groupName == 'builder' || groupName == 'end-user') && (
+          <Tooltip
+            id="tooltip-for-delete"
+            className="tooltip"
+            place="left"
+            style={{
+              zIndex: 99999,
+            }}
+            show={isDefaultGroup}
+          />
+        )}
+      </div>
+    );
+  };
+  sortDefaultGroup = (list) => {
+    const priority = {
+      admin: 1,
+      builder: 2,
+      'end-user': 3,
+    };
+    list.sort((a, b) => {
+      const priorityA = priority[a.name] || 4; // default to 4 if not found
+      const priorityB = priority[b.name] || 4; // default to 4 if not found
+      return priorityA - priorityB;
+    });
+    return list;
+  };
+
+  fetchGroups = (type = 'admin', callback = () => {}) => {
+    this.setState({
+      isLoading: true,
+    });
+
+    groupPermissionV2Service
+      .getGroups()
+      .then((data) => {
+        const groupPermissions = data.groupPermissions;
+        const defaultGroups = this.sortDefaultGroup(groupPermissions.filter((group) => group.type === 'default'));
+        const currentGroupId =
+          type == 'admin'
+            ? defaultGroups[0].id
+            : type == 'current'
+            ? this.findCurrentGroupDetails(groupPermissions)
+            : groupPermissions.at(-1).id;
+        this.setState(
+          {
+            groups: groupPermissions.filter((group) => group.type === 'custom'),
+            defaultGroups: defaultGroups,
+            filteredGroup: groupPermissions.filter((group) => group.type === 'custom'),
+            isLoading: false,
+            selectedGroupPermissionId: currentGroupId,
+            selectedGroupObject: groupPermissions.find((group) => group.id === currentGroupId),
+          },
+          callback
+        );
+      })
+      .catch(({ error }) => {
+        toast.error(error);
+        this.setState({
+          isLoading: false,
+        });
+      });
+  };
+
+  handleGroupSearch = (e) => {
+    const { groups } = this.state;
+    let filteredGroup = groups;
+    const value = e?.target?.value;
+    if (value) {
+      filteredGroup = groups.filter((group) => group.name.toLowerCase().includes(value.toLowerCase()));
+    }
+    this.setState({
+      filteredGroup,
+    });
+  };
+
+  changeNewGroupName = (value) => {
+    if (value.length > 50) {
+      this.setState({
+        groupNameMessage: 'Max length has been reached',
+        isSaveBtnDisabled: true,
+        newGroupName: value?.slice(0, 50),
+      });
+      return;
+    }
+    this.setState({
+      newGroupName: value,
+      isSaveBtnDisabled: false,
+      groupNameMessage: 'Group name must be unique and max 50 characters',
+    });
+    if ((this.state.groupToBeUpdated && this.state.groupToBeUpdated.name === value) || !value) {
+      this.setState({
+        isSaveBtnDisabled: true,
+      });
+    }
+  };
+
+  humanizeifDefaultGroupName = (groupName) => {
+    switch (groupName) {
+      case 'end-user':
+        return 'End-user';
+      case 'admin':
+        return 'Admin';
+      case 'builder':
+        return 'Builder';
+      default:
+        return groupName;
+    }
+  };
+
+  createGroup = () => {
+    this.setState({ creatingGroup: true });
+    groupPermissionV2Service
+      .create(this.state.newGroupName)
+      .then(() => {
+        this.setState({
+          creatingGroup: false,
+          showNewGroupForm: false,
+          newGroupName: null,
+          selectedGroup: this.state.newGroupName,
+        });
+        toast.success('Group has been created');
+        this.fetchGroups('new');
+      })
+      .catch(({ error }) => {
+        toast.error(error, {
+          style: {
+            maxWidth: '500px  !important',
+          },
+        });
+        this.setState({
+          creatingGroup: false,
+          showNewGroupForm: true,
+        });
+      });
+  };
+
+  deleteGroup = (groupPermissionId) => {
+    this.setState({
+      showGroupDeletionConfirmation: true,
+      groupToBeDeleted: groupPermissionId,
+    });
+  };
+
+  updateGroupName = (groupPermission) => {
+    this.setState({
+      showGroupNameUpdateForm: true,
+      groupToBeUpdated: groupPermission,
+      newGroupName: groupPermission.name,
+      isSaveBtnDisabled: true,
+    });
+  };
+
+  cancelDeleteGroupDialog = () => {
+    this.setState({
+      isDeletingGroup: false,
+      groupToBeDeleted: null,
+      showGroupDeletionConfirmation: false,
+    });
+  };
+
+  executeGroupDeletion = () => {
+    this.setState({ isDeletingGroup: true });
+    groupPermissionV2Service
+      .del(this.state.groupToBeDeleted)
+      .then(() => {
+        toast.success('Group deleted successfully');
+        this.fetchGroups();
+        this.setState({ selectedGroup: 'Admin', isDeletingGroup: false });
+      })
+      .catch(({ error }) => {
+        toast.error(error);
+      })
+      .finally(() => {
+        this.cancelDeleteGroupDialog();
+      });
+  };
+
+  handleGroupSearchClose = () => {
+    this.setState((prevState) => ({
+      showGroupSearchBar: false,
+      filteredGroup: prevState.groups,
+    }));
+  };
+
+  showDuplicateDiologBox = (id) => {
+    this.setState({ groupToDuplicate: id, showDuplicateGroupModal: true, isDuplicatingGroup: false });
+  };
+
+  executeGroupUpdation = () => {
+    this.setState({ isUpdatingGroupName: true });
+    groupPermissionV2Service
+      .update(this.state.groupToBeUpdated?.id, { name: this.state.newGroupName })
+      .then(() => {
+        toast.success('Group name updated successfully');
+        this.fetchGroups('current');
+        this.setState({
+          isUpdatingGroupName: false,
+          groupToBeUpdated: null,
+          showGroupNameUpdateForm: false,
+          selectedGroup: this.state.newGroupName,
+        });
+      })
+      .catch(({ error }) => {
+        toast.error(error);
+        this.setState({
+          isUpdatingGroupName: false,
+        });
+      });
+  };
+
+  render() {
+    const {
+      isLoading,
+      showNewGroupForm,
+      showGroupNameUpdateForm,
+      creatingGroup,
+      isUpdatingGroupName,
+      groups,
+      isDeletingGroup,
+      showGroupDeletionConfirmation,
+      showDuplicateGroupModal,
+      isDuplicatingGroup,
+      groupDuplicateOption,
+      defaultGroups,
+      filteredGroup,
+      showGroupSearchBar,
+    } = this.state;
+
+    const grounNameErrorStyle =
+      this.state.newGroupName?.length > 50 ? { color: '#ff0000', borderColor: '#ff0000' } : {};
+    const { addPermission, addApps, addUsers } = groupDuplicateOption;
+    const allFalse = [addPermission, addApps, addUsers].every((value) => !value);
+
+    return (
+      <ErrorBoundary showFallback={true}>
+        <div className="wrapper org-users-page animation-fade">
+          <div className="org-users-page-container">
+            <ConfirmDialog
+              show={showGroupDeletionConfirmation}
+              message={'This group will be permanently deleted. Do you want to continue?'}
+              confirmButtonLoading={isDeletingGroup}
+              onConfirm={() => this.executeGroupDeletion()}
+              onCancel={() => this.cancelDeleteGroupDialog()}
+              darkMode={this.props.darkMode}
+            />
+            <ModalBase
+              show={showDuplicateGroupModal}
+              handleConfirm={this.duplicateGroup}
+              handleClose={this.toggleShowDuplicateModal}
+              title="Duplicate group"
+              confirmBtnProps={{ title: 'Duplicate', disabled: allFalse, tooltipMessage: false }}
+              isLoading={isDuplicatingGroup}
+              cancelDisabled={isDuplicatingGroup}
+              data-cy="modal-title"
+              darkMode={this.props.darkMode}
+            >
+              <div className="tj-text" data-cy="modal-message">
+                Duplicate the following parts of the group
+              </div>
+              <div className="group-duplcate-modal-body">
+                <div className="row check-row">
+                  <div className="col-1 ">
+                    <input
+                      class="form-check-input"
+                      checked={addUsers}
+                      type="checkbox"
+                      onChange={() => {
+                        this.setState((prevState) => ({
+                          groupDuplicateOption: {
+                            ...prevState.groupDuplicateOption,
+                            addUsers: !prevState.groupDuplicateOption.addUsers,
+                          },
+                        }));
+                      }}
+                      data-cy="users-check-input"
+                    />
+                  </div>
+                  <div className="col-11">
+                    <div className="tj-text " data-cy="users-label">
+                      Users
+                    </div>
+                  </div>
+                </div>
+                <div className="row check-row">
+                  <div className="col-1 ">
+                    <input
+                      class="form-check-input"
+                      checked={addPermission}
+                      type="checkbox"
+                      onChange={() => {
+                        this.setState((prevState) => ({
+                          groupDuplicateOption: {
+                            ...prevState.groupDuplicateOption,
+                            addPermission: !prevState.groupDuplicateOption.addPermission,
+                          },
+                        }));
+                      }}
+                      data-cy="permissions-check-input"
+                    />
+                  </div>
+                  <div className="col-11">
+                    <div className="tj-text " data-cy="permissions-label">
+                      Permissions
+                    </div>
+                  </div>
+                </div>
+                <div className="row check-row">
+                  <div className="col-1 ">
+                    <input
+                      class="form-check-input"
+                      checked={addApps}
+                      type="checkbox"
+                      onChange={() => {
+                        this.setState((prevState) => ({
+                          groupDuplicateOption: {
+                            ...prevState.groupDuplicateOption,
+                            addApps: !prevState.groupDuplicateOption.addApps,
+                          },
+                        }));
+                      }}
+                      data-cy="apps-check-input"
+                    />
+                  </div>
+                  <div className="col-11">
+                    <div className="tj-text " data-cy="apps-label">
+                      Apps
+                    </div>
+                  </div>
+                </div>
+              </div>
+            </ModalBase>
+            <div className="d-flex groups-btn-container">
+              <p className="tj-text" data-cy="page-title">
+                {groups?.length} Groups
+              </p>
+              {!showNewGroupForm && !showGroupNameUpdateForm && (
+                <ButtonSolid
+                  className="btn btn-primary create-new-group-button"
+                  onClick={(e) => {
+                    e.preventDefault();
+                    this.setState({ newGroupName: '', showNewGroupForm: true, isSaveBtnDisabled: true });
+                  }}
+                  data-cy="create-new-group-button"
+                  leftIcon="plus"
+                  isLoading={isLoading}
+                  iconWidth="16"
+                  fill={'#FDFDFE'}
+                >
+                  {this.props.t(
+                    'header.organization.menus.manageGroups.permissions.createNewGroup',
+                    'Create new group'
+                  )}
+                </ButtonSolid>
+              )}
+            </div>
+
+            <Modal
+              show={showNewGroupForm || showGroupNameUpdateForm}
+              closeModal={() =>
+                this.setState({
+                  showNewGroupForm: false,
+                  showGroupNameUpdateForm: false,
+                  newGroupName: null,
+                })
+              }
+              title={
+                showGroupNameUpdateForm
+                  ? this.props.t('header.organization.menus.manageGroups.permissions.updateGroup', 'Update group')
+                  : this.props.t('header.organization.menus.manageGroups.permissions.addNewGroup', 'Create new group')
+              }
+            >
+              <form
+                id="my-form"
+                onSubmit={(e) => {
+                  e.preventDefault();
+                  if (showNewGroupForm) {
+                    this.createGroup();
+                  } else {
+                    this.executeGroupUpdation();
+                  }
+                }}
+              >
+                <div className="form-group mb-3 ">
+                  <div className="row">
+                    <div className="col tj-app-input">
+                      <input
+                        type="text"
+                        required
+                        className={`form-control ${this.state.newGroupName?.length >= 50 ? 'custom-input-error' : ''}`}
+                        placeholder={this.props.t(
+                          'header.organization.menus.manageGroups.permissions.enterName',
+                          'Enter group name'
+                        )}
+                        onChange={(e) => {
+                          this.changeNewGroupName(e.target.value);
+                        }}
+                        value={this.state.newGroupName}
+                        data-cy="group-name-input"
+                        autoFocus
+                      />
+                      <span className="tj-text-xxsm" style={grounNameErrorStyle}>
+                        {this.state.groupNameMessage}
+                      </span>
+                    </div>
+                  </div>
+                </div>
+                <div className="form-footer d-flex create-group-modal-footer">
+                  <ButtonSolid
+                    onClick={() =>
+                      this.setState({
+                        showNewGroupForm: false,
+                        showGroupNameUpdateForm: false,
+                        newGroupName: null,
+                      })
+                    }
+                    disabled={creatingGroup}
+                    data-cy="cancel-button"
+                    variant="tertiary"
+                  >
+                    {this.props.t('globals.cancel', 'Cancel')}
+                  </ButtonSolid>
+                  <ButtonSolid
+                    type="submit"
+                    id="my-form"
+                    disabled={creatingGroup || this.state.isSaveBtnDisabled}
+                    data-cy="create-group-button"
+                    isLoading={creatingGroup || isUpdatingGroupName}
+                    leftIcon="plus"
+                    fill={creatingGroup || this.state.isSaveBtnDisabled ? '#4C5155' : '#FDFDFE'}
+                  >
+                    {showGroupNameUpdateForm
+                      ? this.props.t('globals.save', 'Save')
+                      : this.props.t('header.organization.menus.manageGroups.permissions.createGroup', 'Create Group')}
+                  </ButtonSolid>
+                </div>
+              </form>
+            </Modal>
+
+            {!showNewGroupForm && !showGroupNameUpdateForm && (
+              <div className="org-users-page-card-wrap">
+                <div className="org-users-page-sidebar">
+                  <div className="default-group-list-container">
+                    <div className="mb-2 d-flex align-items-center">
+                      <SolidIcon name="usergear" />
+                      <span className="ml-1 group-title">USER ROLE</span>
+                    </div>
+                    {defaultGroups.map((permissionGroup) => {
+                      return (
+                        <FolderList
+                          key={permissionGroup.id}
+                          listId={permissionGroup.id}
+                          overlayFunctionParam={{
+                            id: permissionGroup.id,
+                            groupName: permissionGroup.name,
+                          }}
+                          selectedItem={
+                            this.state.selectedGroup == this.humanizeifDefaultGroupName(permissionGroup.name)
+                          }
+                          onClick={() => {
+                            this.setState({
+                              selectedGroupPermissionId: permissionGroup.id,
+                              selectedGroup: this.humanizeifDefaultGroupName(permissionGroup.name),
+                              selectedGroupObject: permissionGroup,
+                            });
+                          }}
+                          toolTipText={this.humanizeifDefaultGroupName(permissionGroup.name)}
+                          overLayComponent={this.renderPopoverContent}
+                          className="groups-folder-list"
+                          dataCy={this.humanizeifDefaultGroupName(permissionGroup.name)
+                            .toLowerCase()
+                            .replace(/\s+/g, '-')}
+                        >
+                          <span>
+                            <OverflowTooltip>{this.humanizeifDefaultGroupName(permissionGroup.name)}</OverflowTooltip>
+                          </span>
+                        </FolderList>
+                      );
+                    })}
+                  </div>
+                  <div>
+                    {!showGroupSearchBar ? (
+                      <div className="mb-2 d-flex align-items-center">
+                        <SolidIcon name="usergroup" width="18px" fill="#889096" />
+                        <span className="ml-1 group-title">CUSTOM GROUPS</span>
+                        <div className="create-group-cont">
+                          <ButtonSolid
+                            onClick={(e) => {
+                              e.preventDefault();
+                              this.setState({ showGroupSearchBar: true });
+                            }}
+                            size="xsm"
+                            rightIcon="search"
+                            iconWidth="15"
+                            fill="#889096"
+                            className="create-group-custom"
+                          />
+                          <ButtonSolid
+                            onClick={(e) => {
+                              e.preventDefault();
+                              this.setState({ newGroupName: null, showNewGroupForm: true, isSaveBtnDisabled: true });
+                            }}
+                            size="sm"
+                            fill="#889096"
+                            rightIcon="plus"
+                            iconWidth="20"
+                            className="create-group-custom"
+                          />
+                        </div>
+                      </div>
+                    ) : (
+                      <div className="searchbox-custom">
+                        <SearchBox
+                          dataCy={`query-manager`}
+                          width="70px !important"
+                          callBack={this.handleGroupSearch}
+                          placeholder={'Search'}
+                          customClass="tj-common-search-input-group"
+                          onClearCallback={this.handleGroupSearchClose}
+                          autoFocus={true}
+                        />
+                      </div>
+                    )}
+
+                    {groups.length ? (
+                      filteredGroup.map((permissionGroup) => {
+                        return (
+                          <FolderList
+                            key={permissionGroup.id}
+                            listId={permissionGroup.id}
+                            overlayFunctionParam={{
+                              id: permissionGroup.id,
+                              groupName: permissionGroup.name,
+                            }}
+                            selectedItem={
+                              this.state.selectedGroup == this.humanizeifDefaultGroupName(permissionGroup.name)
+                            }
+                            onClick={() => {
+                              this.setState({
+                                selectedGroupPermissionId: permissionGroup.id,
+                                selectedGroup: this.humanizeifDefaultGroupName(permissionGroup.name),
+                                selectedGroupObject: permissionGroup,
+                              });
+                            }}
+                            toolTipText={this.humanizeifDefaultGroupName(permissionGroup.name)}
+                            overLayComponent={this.renderPopoverContent}
+                            className="groups-folder-list"
+                            dataCy={this.humanizeifDefaultGroupName(permissionGroup.name)
+                              .toLowerCase()
+                              .replace(/\s+/g, '-')}
+                          >
+                            <span>
+                              <OverflowTooltip>{this.humanizeifDefaultGroupName(permissionGroup.name)}</OverflowTooltip>
+                            </span>
+                          </FolderList>
+                        );
+                      })
+                    ) : (
+                      <div className="empty-custom-group-info">
+                        <SolidIcon className="info-icon" name="information" width="18px" />
+                        <span className="tj-text-xsm text-center info-label">No custom groups added</span>
+                      </div>
+                    )}
+                  </div>
+                </div>
+
+                <div className="org-users-page-card-body">
+                  {isLoading ? (
+                    <Loader />
+                  ) : (
+                    <ManageGroupPermissionResourcesV2
+                      groupPermissionId={this.state.selectedGroupPermissionId}
+                      darkMode={this.props.darkMode}
+                      selectedGroup={this.state.selectedGroup}
+                      selectedGroupObject={this.state.selectedGroupObject}
+                      updateGroupName={this.updateGroupName}
+                      deleteGroup={this.deleteGroup}
+                      roleOptions={defaultGroups.map((group) => {
+                        return {
+                          name: this.humanizeifDefaultGroupName(group.name),
+                          value: group.name,
+                        };
+                      })}
+                    />
+                  )}
+                </div>
+              </div>
+            )}
+          </div>
+        </div>
+      </ErrorBoundary>
+    );
+  }
+}
+
+export const ManageGroupPermissionsV2 = withTranslation()(ManageGroupPermissionsComponent);
+
+const Field = ({
+  text,
+  onClick,
+  customClass,
+  leftIcon,
+  leftIconWidth,
+  leftIconHeight = '18',
+  leftIconClassName,
+  buttonDisable = false,
+  tooltipContent = '',
+  tooltipId = '',
+  darkMode = false,
+}) => {
+  return (
+    <div className={`field ${customClass ? ` ${customClass}` : ''}`}>
+      <span
+        className="row option-row"
+        role="button"
+        onClick={!buttonDisable && onClick}
+        data-cy={`${text.toLowerCase().replace(/\s+/g, '-')}-card-option`}
+        data-tooltip-content={tooltipContent}
+        data-tooltip-id={tooltipId}
+      >
+        <div className={`col-2 ${leftIconClassName}`}>
+          {leftIcon && (
+            <SolidIcon
+              name={leftIcon}
+              width={leftIconWidth}
+              height={leftIconHeight}
+              {...(buttonDisable ? { fill: '#D7DBDF' } : {})}
+            ></SolidIcon>
+          )}
+        </div>
+        <div className={`col ${buttonDisable ? 'disable' : ''} ${darkMode ? 'dark-theme' : ''}`}>{text}</div>
+      </span>
+    </div>
+  );
+};
diff --git a/frontend/src/ManageGroupPermissionsV2/ResourceChip.jsx b/frontend/src/ManageGroupPermissionsV2/ResourceChip.jsx
new file mode 100644
index 0000000000..afb4d71a51
--- /dev/null
+++ b/frontend/src/ManageGroupPermissionsV2/ResourceChip.jsx
@@ -0,0 +1,103 @@
+import React, { useEffect, useState, useRef } from 'react';
+import cx from 'classnames'; // Assuming you're using the classnames package
+import { humanizeifDefaultGroupName } from '@/_helpers/utils';
+import './groupPermissions.theme.scss';
+
+const GroupChipTD = ({ groups = [] }) => {
+  const [showAllGroups, setShowAllGroups] = useState(false);
+  const groupsListRef = useRef();
+
+  useEffect(() => {
+    const onCloseHandler = (e) => {
+      if (groupsListRef.current && !groupsListRef.current.contains(e.target)) {
+        setShowAllGroups(false);
+      }
+    };
+
+    window.addEventListener('click', onCloseHandler);
+    return () => {
+      window.removeEventListener('click', onCloseHandler);
+    };
+  }, [showAllGroups]);
+
+  function moveValuesToLast(arr, valuesToMove) {
+    const validValuesToMove = valuesToMove.filter((value) => arr.includes(value));
+
+    validValuesToMove.forEach((value) => {
+      const index = arr.indexOf(value);
+      if (index !== -1) {
+        const removedItem = arr.splice(index, 1);
+        arr.push(removedItem[0]);
+      }
+    });
+
+    return arr;
+  }
+
+  const orderedArray = groups;
+
+  const toggleAllGroupsList = (e) => {
+    setShowAllGroups(!showAllGroups);
+  };
+
+  const renderGroupChip = (group, index) => (
+    <span className="group-chip" key={index} data-cy="group-chip">
+      {humanizeifDefaultGroupName(group)}
+    </span>
+  );
+
+  return (
+    <div
+      data-active={showAllGroups}
+      onClick={(e) => {
+        orderedArray.length > 2 && toggleAllGroupsList(e);
+      }}
+      className={cx('text-muted resource-name-cell', { 'groups-hover': orderedArray.length > 2 })}
+    >
+      <div className="groups-name-container tj-text-sm font-weight-500">
+        {orderedArray.length === 0 ? (
+          renderGroupChip('-', null)
+        ) : (
+          <>
+            <div className="groups-name-row">
+              {orderedArray.slice(0, 2).map((group, index) => {
+                return renderGroupChip(group, index);
+              })}
+            </div>
+            <div className="groups-name-row">
+              {orderedArray.slice(2, 4).map((group, index) => {
+                return renderGroupChip(group, index);
+              })}
+            </div>
+            {orderedArray.length > 4 && (
+              <React.Fragment key={4}>
+                <div className="groups-name-row" ref={groupsListRef}>
+                  <span className="group-chip">+{orderedArray.length - 4} more</span>
+                </div>
+                {showAllGroups && (
+                  <div className="all-groups-list">
+                    {orderedArray.slice(4).map((group, index) => renderGroupChip(group, index))}
+                  </div>
+                )}
+              </React.Fragment>
+            )}
+
+            {/* orderedArray.slice(0, 2).map((group, index) => {
+    if (orderedArray.length <= 2) {
+      return renderGroupChip(group, index);
+    }
+
+    if (orderedArray.length > 2 && index === 1) {
+      
+    }
+
+    return renderGroupChip(group, index);
+  }) */}
+          </>
+        )}
+      </div>
+    </div>
+  );
+};
+
+export default GroupChipTD;
diff --git a/frontend/src/ManageGroupPermissionsV2/groupPermissions.theme.scss b/frontend/src/ManageGroupPermissionsV2/groupPermissions.theme.scss
new file mode 100644
index 0000000000..0ad36a1d01
--- /dev/null
+++ b/frontend/src/ManageGroupPermissionsV2/groupPermissions.theme.scss
@@ -0,0 +1,458 @@
+@import "../_styles/colors.scss";
+
+.default-group-list-container {
+    margin-bottom: 20px; 
+}
+
+.empty-custom-group-info{
+    margin-top: 15px;
+    border-radius: 6px;
+    border: 1px dashed var(--slate8) !important;
+    width: 100%;
+    height: 32px;
+    
+    padding: 3px 12px;
+    display: flex;
+    flex-direction: row;
+
+    .info-icon{
+      margin-top: 3px;
+    }
+
+    .info-label{
+        margin-left: 4px;
+        color: var(--slate9);
+    }
+}
+
+.group-title {
+        font-weight: 500;
+        color: var(--slate11);
+        font-size: 12px;
+        margin-left: 5px;
+    }
+
+.create-group-cont {
+        margin-left:10px ;
+        margin-right: auto;
+        display: flex;
+        flex-direction: row;
+        .create-group-custom {
+            width: 20px;
+            margin-left: 2px;
+            margin-right: 2px;
+            height: 20px;
+            padding: 0 0;
+            background: none !important;
+            background-color: none !important;
+            box-shadow: none;
+
+        }
+    }
+
+
+.searchbox-custom{
+    margin-bottom: 10px;
+    .tj-common-search-input-group {
+    .input-icon-addon {
+        padding-right: 8px;
+        padding-left: 8px;
+
+    }
+
+    input {
+        box-sizing: border-box;
+        display: flex;
+        flex-direction: row;
+        align-items: center;
+        padding: 4px 8px !important;
+        gap: 16px;
+        width: 190px !important;
+        height: 28px !important;
+        background: var(--base);
+        border: 1px solid var(--slate7);
+        border-radius: 6px;
+        color: var(--slate12);
+        padding-left: 33px !important;
+
+
+        ::placeholder {
+        color: var(--slate9);
+        margin-left: 5px !important;
+        padding-left: 5px !important;
+        background-color: red !important;
+        }
+
+        &:hover {
+        background: var(--slate2);
+        border: 1px solid var(--slate8);
+        }
+
+        &:active {
+        background: var(--indigo2);
+        border: 2px solid var(--indigo11);
+        box-shadow: 0px 0px 0px 2px #C6D4F9;
+        outline: none;
+        }
+
+        &:focus-visible {
+        background: var(--slate2);
+        border: 1px solid var(--slate8);
+        border-radius: 6px;
+        outline: none;
+        padding-left: 12px !important;
+        }
+
+        &:disabled {
+        background: var(--slate3);
+        border: 1px solid var(--slate7);
+        }
+    }
+    }
+
+}
+
+.edit-role-modal {
+  font-family: 'IBM Plex Sans';
+
+  .modal-dialog {
+    width: 320px;
+  }
+
+  .modal-content {
+    background: linear-gradient(0deg, #FFFFFF, #FFFFFF),
+      linear-gradient(0deg, #DFE3E6, #DFE3E6);
+  }
+
+  .modal-header {
+    justify-content: center !important;
+    flex-direction: column;
+    padding: 30px 32px 20px 32px;
+    border: none;
+
+    .remove-icon-container{
+      display: flex;
+      justify-content: flex-end;
+      margin-right: 10px;
+
+      .close-btn {
+        
+          width: 20px;
+          margin: 5px 5px 5px 5px;
+          height: 20px;
+          padding: 0 0;
+          background: none !important;
+          background-color: none !important;
+          box-shadow: none;
+      }
+    }
+    .icon-class {
+      display: flex; /* Enable flexbox */
+      justify-content: center; /* Center items horizontally */
+      align-items: center; /* Center items vertically */
+      justify-content: center;
+      width: 64px;
+      height: 64px;
+      background-color: var(--tomato3);
+      border-radius: 6px;
+    }
+
+    .header-text {
+      font-style: normal;
+      font-weight: 600;
+      font-size: 16px;
+      text-align: center;
+      // line-height: 36px;
+      margin: 12px 0 5px 0;
+    }
+
+    p {
+      font-style: normal;
+      font-weight: 400;
+      font-size: 14px;
+      color: #687076;
+      text-align: Center;
+      margin-bottom: 0px;
+    }
+  }
+
+  .modal-body {
+    border: none;
+    padding: 12px 12px 22px 27px;
+
+    .item-list {
+      display: flex;
+      gap: 5px;
+      flex-direction: column;
+      max-height: 100px; /* Set a fixed height or max-height */
+      overflow-y: scroll; /* Enable vertical scrolling */
+    }
+  }
+}
+
+.edit-role-modal.dark-mode {
+
+  .modal-footer,
+  .modal-header {
+    border-color: #232e3c !important;
+
+    p {
+      color: rgba(255, 255, 255, 0.5) !important;
+    }
+  }
+
+  .modal-body,
+  .modal-footer,
+  .modal-header,
+  .modal-content {
+    color: white;
+    background-color: #2b394a;
+  }
+
+  .modal-content {
+    border: none;
+  }
+}
+
+
+.resource-name-cell {
+  transition: 0.3s all;
+  border-radius: 6px;
+  max-width: 170px;
+  position: relative !important;
+  overflow: visible !important;
+
+  .groups-name-container {
+    display: flex;
+    flex-direction: column; 
+    row-gap: 8px;
+    text-overflow: ellipsis;
+    overflow: hidden;
+    white-space: nowrap;
+    max-height: 200px;
+    max-width: 170px;
+
+    
+    .empty-text{
+      display: flex;
+      justify-content: center;
+      margin-left: 20px;
+    }
+
+    .groups-name-row {
+      display: flex;
+      column-gap: 8px;
+      text-overflow: ellipsis;
+      overflow: hidden;
+      white-space: nowrap;
+      max-width: 170px;
+    }
+  }
+
+  .group-chip {
+    padding: 2px 8px;
+    margin: 0;
+    border-radius: 6px;
+    background-color: var(--slate3);
+    color: var(--slate11);
+    min-height: 24px;
+    text-overflow: ellipsis;
+    overflow: hidden;
+    white-space: nowrap;
+    max-width: 100px;
+    font-size: 12px;
+  }
+
+  .all-groups-list {
+    position: absolute;
+    width: 100%;
+    top: 59px;
+    display: flex;
+    flex-direction: column;
+    background: var(--slate1);
+    align-items: flex-start;
+    border-radius: 6px;
+    border: 1px solid var(--slate1);
+    box-shadow: 0px 4px 6px -2px rgba(16, 24, 40, 0.03), 0px 12px 16px -4px rgba(16, 24, 40, 0.08);
+    padding: 9px 10px;
+    gap: 10px;
+    cursor: default;
+    max-height: 240px;
+    overflow: auto;
+    left: 0px;
+    z-index: 1;
+
+
+    .group-chip {
+    padding: 2px 8px;
+    margin: 0;
+    border-radius: 6px;
+    background-color: var(--slate3);
+    color: var(--slate11);
+    min-height: 24px;
+    text-overflow: ellipsis;
+    overflow: hidden;
+    white-space: nowrap;
+    max-width: 200px;
+  }
+  }
+}
+
+.groups-name-cell[data-active="true"] {
+  display: flex;
+  background: var(--gray5) !important;
+  justify-content: center;
+
+  .groups-name-container {
+    padding-left: 6px;
+    justify-content: center;
+  }
+
+  .group-chip {
+    max-width: unset !important;
+  }
+}
+.role-name-cell {
+  transition: 0.3s all;
+  border-radius: 6px;
+  width: 120px !important;
+  position: relative !important;
+  overflow: visible !important;
+
+  .groups-name-container {
+    display: flex;
+    column-gap: 8px;
+    text-overflow: ellipsis;
+    overflow: hidden;
+    white-space: nowrap;
+    max-width: 185px;
+  }
+
+  .group-chip {
+    padding: 2px 8px;
+    margin: 0;
+    border-radius: 6px;
+    background-color: var(--slate3);
+    // color: var(--slate11);
+    min-height: 24px;
+    text-overflow: ellipsis;
+    overflow: hidden;
+    white-space: nowrap;
+    max-width: 95px;
+  }
+
+  .all-groups-list {
+    position: absolute;
+    width: 100%;
+    top: 41px;
+    display: flex;
+    flex-direction: column;
+    background: var(--slate1);
+    align-items: flex-start;
+    border-radius: 6px;
+    border: 1px solid var(--slate1);
+    box-shadow: 0px 4px 6px -2px rgba(16, 24, 40, 0.03), 0px 12px 16px -4px rgba(16, 24, 40, 0.08);
+    padding: 9px 10px;
+    gap: 10px;
+    cursor: default;
+    max-height: 240px;
+    overflow: auto;
+    left: 0px;
+    z-index: 1;
+  }
+}
+
+.role-name-cell[data-active="true"] {
+  display: flex;
+  background: var(--gray5) !important;
+  justify-content: center;
+
+  .groups-name-container {
+    padding-left: 6px;
+    justify-content: center;
+  }
+
+  .group-chip {
+    max-width: unset !important;
+  }
+}
+
+
+.edit-icon-container{
+  max-width: 10px;
+  display: flex;
+  justify-content: flex-end;
+  align-items: flex-start;
+  padding: 0;
+  height: 100%;
+  margin-bottom: auto;
+}
+
+
+.edit-permission-custom {
+  width: 20px;
+  margin-left: 2px;
+  margin-right: 2px;
+  height: 20px;
+  padding: 0 0;
+  background: none !important;
+  background-color: none !important;
+  box-shadow: none;
+}
+
+.manage-resource-permission{
+
+
+  .tj-text-xxsm{
+    color: var(--slate11)
+  }
+
+
+  transition: background-color 0.3s ease;
+  border-bottom: 1px solid var(--slate5);
+  display: flex;
+  align-items:baseline;
+  padding: 12px;
+  gap: 10px;
+
+  div {
+    width: 206px;
+
+
+    .resource-name {
+      display: flex;
+      flex-direction: row !important;
+      gap: 10px;
+      
+
+      .resource-icon {
+        margin-right: 200px;
+      }
+      .resource-text {
+        margin-left: 10px;
+      }
+    }
+  }
+
+  &:hover {
+    background-color: var(--slate3);
+  }
+
+  
+}
+
+.manage-resource-body {
+  padding: 24px;
+  font-size: 12px;
+  overflow-y: auto;
+  height: calc(100vh - 300px);
+
+}
+
+.error-text{
+  color: red;
+}
+.form-control,
+.error-input {
+  border-color: red !important;
+}
\ No newline at end of file
diff --git a/frontend/src/ManageOrgConstants/ManageOrgConstants.jsx b/frontend/src/ManageOrgConstants/ManageOrgConstants.jsx
index 77e7bc3a7d..bc897ba952 100644
--- a/frontend/src/ManageOrgConstants/ManageOrgConstants.jsx
+++ b/frontend/src/ManageOrgConstants/ManageOrgConstants.jsx
@@ -126,24 +126,15 @@ const ManageOrgConstantsComponent = ({ darkMode }) => {
   };
 
   const canCreateVariable = () => {
-    return canAnyGroupPerformAction(
-      'org_environment_variable_create',
-      authenticationService.currentSessionValue.group_permissions
-    );
+    return authenticationService.currentSessionValue.user_permissions.org_constant_c_r_u_d;
   };
 
   const canUpdateVariable = () => {
-    return canAnyGroupPerformAction(
-      'org_environment_variable_update',
-      authenticationService.currentSessionValue.group_permissions
-    );
+    return authenticationService.currentSessionValue.user_permissions.org_constant_c_r_u_d;
   };
 
   const canDeleteVariable = () => {
-    return canAnyGroupPerformAction(
-      'org_environment_variable_delete',
-      authenticationService.currentSessionValue.group_permissions
-    );
+    return authenticationService.currentSessionValue.user_permissions.org_constant_c_r_u_d;
   };
 
   const fetchEnvironments = () => {
diff --git a/frontend/src/ManageOrgUsers/InviteUsersForm.jsx b/frontend/src/ManageOrgUsers/InviteUsersForm.jsx
index 8fe5c71c20..ccbb0cec99 100644
--- a/frontend/src/ManageOrgUsers/InviteUsersForm.jsx
+++ b/frontend/src/ManageOrgUsers/InviteUsersForm.jsx
@@ -8,6 +8,8 @@ import { toast } from 'react-hot-toast';
 import { FileDropzone } from './FileDropzone';
 import { USER_DRAWER_MODES } from '@/_helpers/utils';
 import { UserGroupsSelect } from './UserGroupsSelect';
+import { EDIT_ROLE_MESSAGE } from '@/ManageGroupPermissionResourcesV2/constant';
+import ModalBase from '@/_ui/Modal';
 
 function InviteUsersForm({
   onClose,
@@ -27,26 +29,54 @@ function InviteUsersForm({
 }) {
   const { t } = useTranslation();
   const [activeTab, setActiveTab] = useState(1);
-  const [selectedGroups, setSelectedGroups] = useState([]);
   const [existingGroups, setExistingGroups] = useState([]);
+  const [newRole, setNewRole] = useState(null);
+
+  const customGroups = groups.filter((group) => group.groupType === 'custom');
+  const roleGroups = groups
+    .filter((group) => group.groupType === 'default')
+    .sort((a, b) => {
+      const sortOrder = ['admin', 'builder', 'end-user'];
+      const indexA = sortOrder.indexOf(a.value);
+      const indexB = sortOrder.indexOf(b.value);
+
+      return indexA - indexB;
+    });
+  const [isChangeRoleModalOpen, setIsChangeRoleModalOpen] = useState(false);
+  const groupedOptions = [
+    {
+      label: 'default',
+      options: roleGroups,
+    },
+    {
+      label: 'custom',
+      options: customGroups,
+    },
+  ];
+  const [selectedGroups, setSelectedGroups] = useState([]);
 
   const hiddenFileInput = useRef(null);
 
   useEffect(() => {
     if (currentEditingUser && groups.length) {
-      const { first_name, last_name, email, groups: addedToGroups } = currentEditingUser;
+      const { first_name, last_name, email, groups: addedToCustomGroups, role_group } = currentEditingUser;
+      const addedToGroups = [...addedToCustomGroups, ...role_group];
       setUserValues({
         fullName: `${first_name}${last_name && ` ${last_name}`}`,
         email: email,
       });
       const preSelectedGroups = groups
-        .filter((group) => addedToGroups.includes(group.value))
+        .filter((group) => addedToGroups.map((group) => group.name).includes(group.value))
         .map((filteredGroup) => ({
           ...filteredGroup,
           label: filteredGroup.name,
         }));
-      setExistingGroups(groups.filter((group) => addedToGroups.includes(group.value)).map((g) => g.value));
+      setExistingGroups(
+        groups.filter((group) => addedToCustomGroups.map((gp) => gp.name).includes(group.value)).map((g) => g.id)
+      );
       onChangeHandler(preSelectedGroups);
+    } else {
+      onChangeHandler(roleGroups.filter((group) => group.value === 'end-user'));
     }
   }, [currentEditingUser, groups]);
 
@@ -65,44 +95,91 @@ function InviteUsersForm({
   };
 
   const onChangeHandler = (items) => {
-    setSelectedGroups(items);
+    let finalGroup = items;
+    const roleGroups = items.filter((group) => group.groupType === 'default');
+    const currentRole = selectedGroups.find((group) => group.groupType === 'default');
+    if (roleGroups.length == 2) {
+      finalGroup = items.filter((group) => group.value !== currentRole.value);
+    }
+    if (roleGroups.length === 0) return;
+    if (currentEditingUser) {
+      const role = finalGroup.find(
+        (group) =>
+          group.groupType === 'default' && !currentEditingUser.role_group.map((role) => role.name).includes(group.value)
+      );
+      setNewRole(role);
+    }
+    setSelectedGroups(finalGroup);
   };
 
   const handleCreateUser = (e) => {
     e.preventDefault();
-    const selectedGroupsIds = selectedGroups.map((group) => group.value);
-    manageUser(currentEditingUser?.id, selectedGroupsIds);
+    const role = selectedGroups.find((group) => group.groupType === 'default').value;
+    const selectedGroupsIds = selectedGroups.filter((group) => group.groupType !== 'default').map((group) => group.id);
+    manageUser(currentEditingUser?.id, selectedGroupsIds, role);
   };
 
   const handleEditUser = (e) => {
     e.preventDefault();
-    const selectedGroupsIds = selectedGroups.map((group) => group.value);
-    const newGroupsToAdd = selectedGroupsIds.filter((selectedGroupId) => !existingGroups.includes(selectedGroupId));
-    const groupsToRemove = existingGroups.filter((existingGroup) => !selectedGroupsIds.includes(existingGroup));
-    manageUser(currentEditingUser.id, selectedGroupsIds, newGroupsToAdd, groupsToRemove);
+    if (newRole) setIsChangeRoleModalOpen(true);
+    else {
+      editUser();
+    }
+  };
+
+  const editUser = () => {
+    const { newGroupsToAdd, groupsToRemove, selectedGroupsIds, role } = getEditedGroups();
+    manageUser(currentEditingUser.id, selectedGroupsIds, role, newGroupsToAdd, groupsToRemove);
   };
 
   const getEditedGroups = () => {
-    const selectedGroupsIds = selectedGroups.map((group) => group.value);
+    const selectedGroupsIds = selectedGroups.filter((group) => group.groupType !== 'default').map((group) => group.id);
     const newGroupsToAdd = selectedGroupsIds.filter((selectedGroupId) => !existingGroups.includes(selectedGroupId));
     const groupsToRemove = existingGroups.filter((existingGroup) => !selectedGroupsIds.includes(existingGroup));
-    return { newGroupsToAdd, groupsToRemove };
+    return { newGroupsToAdd, groupsToRemove, selectedGroupsIds };
   };
 
+  const validUserDetail = fields['fullName']?.length > 0 && fields['email']?.length > 0;
+
   const isEdited = () => {
     const { newGroupsToAdd, groupsToRemove } = getEditedGroups();
     const { first_name, last_name } = currentEditingUser || {};
     return isEditing
       ? fields['fullName'] !== `${first_name}${last_name && ` ${last_name}`}` ||
           groupsToRemove.length ||
+          newRole ||
           newGroupsToAdd.length
       : true;
   };
 
   const isEditing = userDrawerMode === USER_DRAWER_MODES.EDIT;
+  const containRoleGroup =
+    selectedGroups.filter((item) => ['admin', 'end-user', 'builder'].includes(item.value)).length > 0;
 
   return (
     <div>
+      {isChangeRoleModalOpen && (
+        <ModalBase
+          title={
+            <div className="my-3" data-cy="modal-title">
+              <span className="tj-text-md font-weight-500">Edit user role</span>
+              <div className="tj-text-sm text-muted" data-cy="user-email">
+                {currentEditingUser?.email}
+              </div>
+            </div>
+          }
+          handleConfirm={editUser}
+          show={isChangeRoleModalOpen}
+          handleClose={() => {
+            setIsChangeRoleModalOpen(false);
+            onCancel();
+            onClose();
+          }}
+          confirmBtnProps={{ title: 'Continue' }}
+        >
+          <div>{EDIT_ROLE_MESSAGE?.[currentEditingUser?.role_group?.[0]?.name]?.[newRole?.value]()}</div>
+        </ModalBase>
+      )}
       <div className="animation-fade invite-user-drawer-wrap">
         <div className="drawer-card-wrap invite-user-drawer-wrap">
           <div className="card-header">
@@ -216,7 +293,7 @@ function InviteUsersForm({
                         ? 'User groups'
                         : t('header.organization.menus.manageUsers.selectGroup', 'Select Group')}
                     </label>
-                    <UserGroupsSelect value={selectedGroups} onChange={onChangeHandler} options={groups} />
+                    <UserGroupsSelect value={selectedGroups} onChange={onChangeHandler} options={groupedOptions} />
                   </div>
                 </form>
               </div>
@@ -274,7 +351,13 @@ function InviteUsersForm({
               form={activeTab == 1 ? 'inviteByEmail' : 'inviteBulkUsers'}
               type="submit"
               variant="primary"
-              disabled={uploadingUsers || creatingUser || !isEdited()}
+              disabled={
+                uploadingUsers ||
+                creatingUser ||
+                !isEdited() ||
+                (!isEditing && !containRoleGroup && uploadingUsers) ||
+                (!isEditing && !validUserDetail && uploadingUsers)
+              }
               data-cy={activeTab == 1 ? 'button-invite-users' : 'button-upload-users'}
               leftIcon={activeTab == 1 ? 'sent' : 'fileupload'}
               width="20"
diff --git a/frontend/src/ManageOrgUsers/ManageOrgUsers.jsx b/frontend/src/ManageOrgUsers/ManageOrgUsers.jsx
index 2d7d02e4ef..b16d83b27a 100644
--- a/frontend/src/ManageOrgUsers/ManageOrgUsers.jsx
+++ b/frontend/src/ManageOrgUsers/ManageOrgUsers.jsx
@@ -11,6 +11,7 @@ import { ButtonSolid } from '@/_ui/AppButton/AppButton';
 import ManageOrgUsersDrawer from './ManageOrgUsersDrawer';
 import { USER_DRAWER_MODES } from '@/_helpers/utils';
 import { getQueryParams } from '@/_helpers/routes';
+import EditRoleErrorModal from '@/ManageGroupPermissionsV2/ErrorModal/ErrorModal';
 
 class ManageOrgUsersComponent extends React.Component {
   constructor(props) {
@@ -36,6 +37,11 @@ class ManageOrgUsersComponent extends React.Component {
       userDrawerMode: USER_DRAWER_MODES.CREATE,
       newSelectedGroups: [],
       existingGroupsToRemove: [],
+      showErrorModal: false,
+      errorModalMessage: '',
+      errorItemList: [],
+      errorTitle: '',
+      errorIconName: 'usergear',
     };
   }
 
@@ -73,7 +79,6 @@ class ManageOrgUsersComponent extends React.Component {
     if (!this.state.file) {
       errors['file'] = 'This field is required';
     }
-
     this.setState({ errors: errors });
     return Object.keys(errors).length === 0;
   }
@@ -96,11 +101,22 @@ class ManageOrgUsersComponent extends React.Component {
 
   changeNewUserOption = (name, e) => {
     let fields = this.state.fields;
+    let errors = {};
     fields[name] = e.target.value;
 
     this.setState({
       fields,
     });
+
+    if (name === 'email') {
+      if (!this.validateEmail(fields['email'])) {
+        errors['email'] = 'Email is not valid';
+        this.setState({ errors });
+      } else {
+        errors['email'] = '';
+        this.setState({ errors });
+      }
+    }
   };
 
   archiveOrgUser = (id) => {
@@ -135,6 +151,7 @@ class ManageOrgUsersComponent extends React.Component {
       });
   };
 
+  //Need to work on that
   inviteBulkUsers = (event) => {
     event.preventDefault();
     if (this.handleFileValidation()) {
@@ -178,7 +195,7 @@ class ManageOrgUsersComponent extends React.Component {
     });
   };
 
-  manageUser = (currentOrgUserId, selectedGroups, groupsToAdd, groupsToRemove) => {
+  manageUser = (currentOrgUserId, selectedGroups, role, groupsToAdd, groupsToRemove) => {
     const isEditing = this.state.userDrawerMode === USER_DRAWER_MODES.EDIT;
     if (this.handleValidation()) {
       if (!this.state.fields.fullName?.trim()) {
@@ -201,11 +218,13 @@ class ManageOrgUsersComponent extends React.Component {
         last_name: this.state.fields.lastName,
         email: this.state.fields.email,
         groups: selectedGroups,
+        role: role,
       };
 
       const updateUserBody = {
         addGroups: groupsToAdd,
         removeGroups: groupsToRemove,
+        role: role,
       };
       service(currentOrgUserId, isEditing ? updateUserBody : createUserBody)
         .then(() => {
@@ -220,7 +239,13 @@ class ManageOrgUsersComponent extends React.Component {
           });
         })
         .catch(({ error }) => {
-          toast.error(error);
+          this.setState({
+            showErrorModal: true,
+            errorModalMessage: error.error,
+            errorTitle: error?.title || 'Conflicting Permissions',
+            errorItemList: error?.data,
+            errorIconName: 'usergear',
+          });
           this.setState({ creatingUser: false });
         });
     } else {
@@ -251,6 +276,16 @@ class ManageOrgUsersComponent extends React.Component {
     toast.success('Invitation URL copied');
   };
 
+  clearErrorState = () => {
+    this.setState({
+      showErrorModal: false,
+      errorModalMessage: '',
+      errorItemList: [],
+      errorTitle: '',
+      errorIconName: '',
+    });
+  };
+
   pageChanged = (page) => {
     this.fetchUsers(page, this.state.options);
   };
@@ -290,10 +325,24 @@ class ManageOrgUsersComponent extends React.Component {
       meta,
       currentEditingUser,
       userDrawerMode,
+      showErrorModal,
+      errorModalMessage,
+      errorItemList,
+      errorTitle,
+      errorIconName,
     } = this.state;
     return (
       <ErrorBoundary showFallback={true}>
         <div className="wrapper org-users-page animation-fade">
+          <EditRoleErrorModal
+            darkMode={this.props.darkMode}
+            show={showErrorModal}
+            errorMessage={errorModalMessage}
+            errorTitle={errorTitle}
+            listItems={errorItemList}
+            iconName={errorIconName}
+            onClose={this.clearErrorState}
+          />
           {this.state.isInviteUsersDrawerOpen && (
             <ManageOrgUsersDrawer
               isInviteUsersDrawerOpen={this.state.isInviteUsersDrawerOpen}
diff --git a/frontend/src/ManageOrgUsers/ManageOrgUsersDrawer.jsx b/frontend/src/ManageOrgUsers/ManageOrgUsersDrawer.jsx
index 398239cdb1..cf1c4cfb4d 100644
--- a/frontend/src/ManageOrgUsers/ManageOrgUsersDrawer.jsx
+++ b/frontend/src/ManageOrgUsers/ManageOrgUsersDrawer.jsx
@@ -1,7 +1,7 @@
 import React, { useEffect, useState } from 'react';
 import Drawer from '@/_ui/Drawer';
 import InviteUsersForm from './InviteUsersForm';
-import { groupPermissionService } from '@/_services';
+import { groupPermissionService, groupPermissionV2Service } from '@/_services';
 import { authenticationService } from '../_services/authentication.service';
 import { USER_DRAWER_MODES } from '@/_helpers/utils';
 
@@ -27,11 +27,13 @@ const ManageOrgUsersDrawer = ({
 
   const humanizeifDefaultGroupName = (groupName) => {
     switch (groupName) {
-      case 'all_users':
-        return 'All users';
+      case 'end-user':
+        return 'End user';
 
       case 'admin':
         return 'Admin';
+      case 'builder':
+        return 'Builder';
 
       default:
         return groupName;
@@ -41,19 +43,17 @@ const ManageOrgUsersDrawer = ({
   const fetchOrganizations = () => {
     const { current_organization_id } = authenticationService.currentSessionValue;
 
-    groupPermissionService
+    groupPermissionV2Service
       .getGroups()
-      .then(({ group_permissions }) => {
-        const orgGroups = group_permissions
-          .filter((group) => group.organization_id === current_organization_id)
-          .map(({ group }) => ({
-            label:
-              group === 'all_users' && isEditing
-                ? `${humanizeifDefaultGroupName(group)} (Default group)`
-                : humanizeifDefaultGroupName(group),
-            name: humanizeifDefaultGroupName(group),
-            value: group,
-            ...(group === 'all_users' && isEditing && { isDisabled: true, isFixed: true }),
+      .then(({ groupPermissions }) => {
+        const orgGroups = groupPermissions
+          .filter((group) => group.organizationId === current_organization_id)
+          .map(({ name, type, id }) => ({
+            label: humanizeifDefaultGroupName(name),
+            name: humanizeifDefaultGroupName(name),
+            value: name,
+            groupType: type,
+            id: id,
           }));
         setGroups(orgGroups);
       })
diff --git a/frontend/src/ManageOrgUsers/UserGroupsSelect.jsx b/frontend/src/ManageOrgUsers/UserGroupsSelect.jsx
index 99a67c1e1e..6270a42eb5 100644
--- a/frontend/src/ManageOrgUsers/UserGroupsSelect.jsx
+++ b/frontend/src/ManageOrgUsers/UserGroupsSelect.jsx
@@ -3,6 +3,7 @@ import { ButtonSolid } from '@/_ui/AppButton/AppButton';
 import React, { useState } from 'react';
 import { useNavigate } from 'react-router-dom';
 import Select, { components } from 'react-select';
+import SolidIcon from '@/_ui/Icon/solidIcons/index';
 
 export function UserGroupsSelect(props) {
   const navigate = useNavigate();
@@ -30,12 +31,22 @@ export function UserGroupsSelect(props) {
     );
   };
 
-  const InputOption = ({ getStyles, Icon, isDisabled, isFocused, isSelected, children, innerProps, ...rest }) => {
+  const formatGroupLabel = (data) => {
+    const type = data.label;
+    return (
+      <div className="mb-2 d-flex align-items-center">
+        <SolidIcon name={type === 'default' ? 'usergear' : 'usergroup'} />
+        <span className="ml-1 group-title">{type === 'default' ? 'USER ROLE' : 'GROUPS'}</span>
+        {type === 'default' && <span style={{ color: 'red' }}>*</span>}
+      </div>
+    );
+  };
+
+  const InputOption = ({ getStyles, Icon, isDisabled, isFocused, isSelected, children, data, innerProps, ...rest }) => {
     const [isActive, setIsActive] = useState(false);
     const onMouseDown = () => setIsActive(true);
     const onMouseUp = () => setIsActive(false);
     const onMouseLeave = () => setIsActive(false);
-
     const style = {
       alignItems: 'center',
       backgroundColor: 'transparent',
@@ -50,7 +61,6 @@ export function UserGroupsSelect(props) {
       onMouseLeave,
       style,
     };
-
     return (
       <components.Option
         {...rest}
@@ -62,8 +72,12 @@ export function UserGroupsSelect(props) {
         className={isDisabled && 'disabled'}
       >
         <input
-          style={{ width: '1.2rem', height: '1.2rem', borderRadius: '6px !important' }}
-          type="checkbox"
+          style={
+            data.groupType === 'default'
+              ? { height: '1.3rem' }
+              : { width: '1.2rem', height: '1.2rem', borderRadius: '6px !important' }
+          }
+          type={data.groupType === 'default' ? 'radio' : 'checkbox'}
           className="form-check-input"
           checked={isSelected}
           data-cy="group-check-input"
@@ -72,6 +86,13 @@ export function UserGroupsSelect(props) {
       </components.Option>
     );
   };
+  const MultiValueRemove = (props) => {
+    // Conditionally render the close icon
+    if (props.data.groupType === 'default') {
+      return null; // Do not render the close icon
+    }
+    return <components.MultiValueRemove {...props} />;
+  };
 
   const MultiValue = (props) => (
     <components.MultiValue {...props}>
@@ -80,6 +101,11 @@ export function UserGroupsSelect(props) {
   );
 
   const selectStyles = {
+    placeholder: (base) => ({
+      ...base,
+      fontSize: '12px',
+      color: '#A0A0A0',
+    }),
     indicatorSeparator: (base) => ({
       ...base,
       display: 'none',
@@ -122,6 +148,7 @@ export function UserGroupsSelect(props) {
       border: '1px solid var(--slate7)',
       boxShadow: 'none',
       borderRadius: '6px',
+
       background: 'unset',
       '&:hover': {
         border: '1px solid var(--slate8)',
@@ -155,10 +182,11 @@ export function UserGroupsSelect(props) {
       closeMenuOnSelect={false}
       hideSelectedOptions={false}
       className={darkMode && 'theme-dark dark-theme'}
-      components={{ Option: InputOption, MultiValue, IndicatorSeparator: null }}
+      formatGroupLabel={formatGroupLabel}
+      components={{ Option: InputOption, MultiValue, MultiValueRemove, IndicatorSeparator: null }}
       {...props}
       styles={selectStyles}
-      placeholder="Select groups to add for this user"
+      placeholder="Select user groups and role .."
       noOptionsMessage={() => 'No groups found'}
     />
   );
diff --git a/frontend/src/ManageOrgVars/ManageOrgVars.jsx b/frontend/src/ManageOrgVars/ManageOrgVars.jsx
index 808214446e..3cc0adf66f 100644
--- a/frontend/src/ManageOrgVars/ManageOrgVars.jsx
+++ b/frontend/src/ManageOrgVars/ManageOrgVars.jsx
@@ -244,10 +244,7 @@ class RawManageOrgVarsComponent extends React.Component {
   }
 
   canDeleteVariable = () => {
-    return this.canAnyGroupPerformAction(
-      'org_environment_variable_delete',
-      authenticationService.currentSessionValue.group_permissions
-    );
+    return authenticationService.currentSessionValue.org_constant_c_r_u_d;
   };
   setIsManageVarDrawerOpen = (val) => {
     this.setState({ isManageVarDrawerOpen: val });
diff --git a/frontend/src/TooljetDatabase/Forms/styles.scss b/frontend/src/TooljetDatabase/Forms/styles.scss
index e30a8e22ed..150c7a6e8c 100644
--- a/frontend/src/TooljetDatabase/Forms/styles.scss
+++ b/frontend/src/TooljetDatabase/Forms/styles.scss
@@ -177,7 +177,7 @@
 
   input.form-control:disabled {
     gap: 16px !important;
-    background: #f4f6fa !important;
+    background: var(--base) !important;
     border: 1px solid var(--slate7) !important;
     border-radius: 6px !important;
     margin-bottom: 4px !important;
diff --git a/frontend/src/WorkspaceConstants/index.jsx b/frontend/src/WorkspaceConstants/index.jsx
index 7a3821aa2d..851badf43c 100644
--- a/frontend/src/WorkspaceConstants/index.jsx
+++ b/frontend/src/WorkspaceConstants/index.jsx
@@ -17,10 +17,7 @@ export default function WorkspaceConstants({ darkMode, switchDarkMode }) {
   };
 
   const canCreateVariableOrConstant = () => {
-    return canAnyGroupPerformAction(
-      'org_environment_variable_create',
-      authenticationService.currentSessionValue.group_permissions
-    );
+    return authenticationService.currentSessionValue.user_permissions.org_constant_c_r_u_d;
   };
 
   useEffect(() => {
diff --git a/frontend/src/_components/LogoNavDropdown.jsx b/frontend/src/_components/LogoNavDropdown.jsx
index c5c2e6adcd..f512e41750 100644
--- a/frontend/src/_components/LogoNavDropdown.jsx
+++ b/frontend/src/_components/LogoNavDropdown.jsx
@@ -38,16 +38,17 @@ export default function LogoNavDropdown({ darkMode }) {
             <span>Database</span>
           </Link>
         )}
-        <Link
-          to={getPrivateRoute('data_sources')}
-          className="dropdown-item tj-text tj-text-xsm"
-          target="_blank"
-          data-cy="data-source-option"
-        >
-          <SolidIcon name="datasource" width="20" />
-          <span>Data sources</span>
-        </Link>
-
+        {admin && (
+          <Link
+            to={getPrivateRoute('data_sources')}
+            className="dropdown-item tj-text tj-text-xsm"
+            target="_blank"
+            data-cy="data-source-option"
+          >
+            <SolidIcon name="datasource" width="20" />
+            <span>Data sources</span>
+          </Link>
+        )}
         <Link
           to={getPrivateRoute('workspace_constants')}
           className="dropdown-item tj-text tj-text-xsm"
diff --git a/frontend/src/_components/MultiSelectUser.jsx b/frontend/src/_components/MultiSelectUser.jsx
index 525b340087..c2cabf5a89 100644
--- a/frontend/src/_components/MultiSelectUser.jsx
+++ b/frontend/src/_components/MultiSelectUser.jsx
@@ -19,7 +19,7 @@ function MultiSelectUser({
   const listOfOptions = useRef([]);
 
   useEffect(() => {
-    setOptions(filterOptions(listOfOptions.current));
+    setOptions(listOfOptions.current);
     // eslint-disable-next-line react-hooks/exhaustive-deps
   }, [selectedValues, listOfOptions.current]);
 
@@ -35,14 +35,19 @@ function MultiSelectUser({
   );
 
   function renderCustom(props, option) {
+    const valuePresent = selectedValues.some((item) => item.value === option.value);
     return (
       <div className={`item-renderer`}>
         <div>
           <input
             type="checkbox"
-            // eslint-disable-next-line no-unused-vars
+            checked={valuePresent}
             onClick={(e) => {
-              onSelect([...selectedValues, option]);
+              if (!valuePresent) {
+                onSelect([...selectedValues, option]);
+              } else {
+                onSelect([...selectedValues.filter((item) => item.value !== option.value)]);
+              }
             }}
           />
           <div className="d-flex flex-column" style={{ marginLeft: '12px' }}>
@@ -76,7 +81,7 @@ function MultiSelectUser({
         closeOnSelect={false}
         search={true}
         multiple
-        value={{ name: '' }}
+        value={selectedValues}
         onChange={(id, value) => onSelect([...selectedValues, ...value])}
         placeholder={placeholder}
         debounce={onSearch ? 300 : undefined}
diff --git a/frontend/src/_components/OrganizationLogin/OrganizationLogin.jsx b/frontend/src/_components/OrganizationLogin/OrganizationLogin.jsx
index e82cfddf22..3c2eb1981f 100644
--- a/frontend/src/_components/OrganizationLogin/OrganizationLogin.jsx
+++ b/frontend/src/_components/OrganizationLogin/OrganizationLogin.jsx
@@ -319,7 +319,7 @@ class OrganizationLogin extends React.Component {
                       </label>
                       <div className="help-text danger-text-login">
                         <div data-cy="enable-sign-up-helper-text">
-                          Users will be able to sign up without being invited
+                          Users will be able to sign up as end-users without being invited
                         </div>
                       </div>
                     </div>
diff --git a/frontend/src/_components/SearchBox.jsx b/frontend/src/_components/SearchBox.jsx
index 4ee201d226..ec52e37fa1 100644
--- a/frontend/src/_components/SearchBox.jsx
+++ b/frontend/src/_components/SearchBox.jsx
@@ -38,12 +38,24 @@ export const SearchBox = forwardRef(
       onClearCallback?.();
     };
 
+    const handleClickOutside = (event) => {
+      if (ref.current && !ref.current.contains(event.target)) {
+        clearSearchText();
+        // Your function to be triggered
+      }
+    };
+
     const mounted = useMounted();
 
     useEffect(() => {
+      document.addEventListener('mousedown', handleClickOutside);
       if (mounted) {
         onSubmit?.(debouncedSearchTerm);
       }
+      return () => {
+        // Cleanup event listener on component unmount
+        document.removeEventListener('mousedown', handleClickOutside);
+      };
       // eslint-disable-next-line react-hooks/exhaustive-deps
     }, [debouncedSearchTerm, onSubmit]);
 
diff --git a/frontend/src/_helpers/utils.js b/frontend/src/_helpers/utils.js
index 1e44d3373f..52300348e8 100644
--- a/frontend/src/_helpers/utils.js
+++ b/frontend/src/_helpers/utils.js
@@ -1227,11 +1227,13 @@ export const USER_DRAWER_MODES = {
 
 export const humanizeifDefaultGroupName = (groupName) => {
   switch (groupName) {
-    case 'all_users':
-      return 'All users';
+    case 'end-user':
+      return 'End user';
 
     case 'admin':
       return 'Admin';
+    case 'builder':
+      return 'Builder';
 
     default:
       return groupName;
diff --git a/frontend/src/_services/authentication.service.js b/frontend/src/_services/authentication.service.js
index 191221229d..09114aad0d 100644
--- a/frontend/src/_services/authentication.service.js
+++ b/frontend/src/_services/authentication.service.js
@@ -17,8 +17,10 @@ const currentSessionSubject = new BehaviorSubject({
   current_organization_name: null,
   super_admin: null,
   admin: null,
+  user_permissions: null,
   group_permissions: null,
   app_group_permissions: null,
+  role: null,
   organizations: [],
   isUserLoggingIn: false,
   authentication_status: null,
diff --git a/frontend/src/_services/groupPermission.v2.service.js b/frontend/src/_services/groupPermission.v2.service.js
new file mode 100644
index 0000000000..8ac8da2338
--- /dev/null
+++ b/frontend/src/_services/groupPermission.v2.service.js
@@ -0,0 +1,190 @@
+import config from 'config';
+import { authHeader, handleResponse } from '@/_helpers';
+
+export const groupPermissionV2Service = {
+  create,
+  update,
+  del,
+  getGroup,
+  getGroups,
+  fetchAddableApps,
+  getUsersInGroup,
+  getUsersNotInGroup,
+  updateUserRole,
+  addUsersInGroups,
+  deleteUserFromGroup,
+  createGranularPermission,
+  fetchGranularPermissions,
+  deleteGranularPermission,
+  updateGranularPermission,
+  duplicate,
+};
+
+function create(name) {
+  const body = {
+    name,
+  };
+
+  const requestOptions = {
+    method: 'POST',
+    headers: authHeader(),
+    credentials: 'include',
+    body: JSON.stringify(body),
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions`, requestOptions).then(handleResponse);
+}
+
+function update(groupPermissionId, body) {
+  const requestOptions = {
+    method: 'PUT',
+    headers: authHeader(),
+    credentials: 'include',
+    body: JSON.stringify(body),
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/${groupPermissionId}`, requestOptions).then(handleResponse);
+}
+
+function del(groupPermissionId) {
+  const requestOptions = {
+    method: 'DELETE',
+    headers: authHeader(),
+    credentials: 'include',
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/${groupPermissionId}`, requestOptions).then(handleResponse);
+}
+
+function getGroup(groupPermissionId) {
+  const requestOptions = {
+    method: 'GET',
+    headers: authHeader(),
+    credentials: 'include',
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/${groupPermissionId}`, requestOptions).then(handleResponse);
+}
+
+function fetchAddableApps() {
+  const requestOptions = {
+    method: 'GET',
+    headers: authHeader(),
+    credentials: 'include',
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/granular-permissions/addable-apps`, requestOptions).then(
+    handleResponse
+  );
+}
+
+function getGroups() {
+  const requestOptions = {
+    method: 'GET',
+    headers: authHeader(),
+    credentials: 'include',
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions`, requestOptions).then(handleResponse);
+}
+
+function addUsersInGroups(body) {
+  const requestOptions = {
+    method: 'POST',
+    headers: authHeader(),
+    credentials: 'include',
+    body: JSON.stringify(body),
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/group-user`, requestOptions).then(handleResponse);
+}
+
+function deleteUserFromGroup(id) {
+  const requestOptions = {
+    method: 'DELETE',
+    headers: authHeader(),
+    credentials: 'include',
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/group-user/${id}`, requestOptions).then(handleResponse);
+}
+
+function createGranularPermission(body) {
+  const requestOptions = {
+    method: 'POST',
+    headers: authHeader(),
+    credentials: 'include',
+    body: JSON.stringify(body),
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/granular-permissions`, requestOptions).then(handleResponse);
+}
+
+function updateGranularPermission(id, body) {
+  const requestOptions = {
+    method: 'PUT',
+    headers: authHeader(),
+    credentials: 'include',
+    body: JSON.stringify(body),
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/granular-permissions/update/${id}`, requestOptions).then(
+    handleResponse
+  );
+}
+
+function deleteGranularPermission(id) {
+  const requestOptions = {
+    method: 'DELETE',
+    headers: authHeader(),
+    credentials: 'include',
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/granular-permissions/${id}`, requestOptions).then(handleResponse);
+}
+
+function fetchGranularPermissions(groupPermissionId) {
+  const requestOptions = {
+    method: 'GET',
+    headers: authHeader(),
+    credentials: 'include',
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/${groupPermissionId}/granular-permissions`, requestOptions).then(
+    handleResponse
+  );
+}
+
+function updateUserRole(body) {
+  const requestOptions = {
+    method: 'PUT',
+    headers: authHeader(),
+    credentials: 'include',
+    body: JSON.stringify(body),
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/user-role/edit`, requestOptions).then(handleResponse);
+}
+
+function getUsersInGroup(groupPermissionId, searchInput = '') {
+  const requestOptions = {
+    method: 'GET',
+    headers: authHeader(),
+    credentials: 'include',
+  };
+  return fetch(
+    `${config.apiUrl}/v2/group_permissions/${groupPermissionId}/group-user?input=${searchInput && searchInput?.trim()}`,
+    requestOptions
+  ).then(handleResponse);
+}
+
+function getUsersNotInGroup(searchInput, groupPermissionId) {
+  const requestOptions = {
+    method: 'GET',
+    headers: authHeader(),
+    credentials: 'include',
+  };
+  return fetch(
+    `${config.apiUrl}/v2/group_permissions/${groupPermissionId}/group-user/addable-users?input=${searchInput.trim()}`,
+    requestOptions
+  ).then(handleResponse);
+}
+
+function duplicate(groupPermissionId, body) {
+  const requestOptions = {
+    method: 'POST',
+    headers: authHeader(),
+    credentials: 'include',
+    body: JSON.stringify(body),
+  };
+  return fetch(`${config.apiUrl}/v2/group_permissions/${groupPermissionId}/duplicate`, requestOptions).then(
+    handleResponse
+  );
+}
diff --git a/frontend/src/_services/index.js b/frontend/src/_services/index.js
index ea9a1ab1e5..9925c306ec 100644
--- a/frontend/src/_services/index.js
+++ b/frontend/src/_services/index.js
@@ -22,3 +22,4 @@ export * from './globalDatasource.service';
 export * from './app_environment.service';
 export * from './copilot.service';
 export * from './organization_constants.service';
+export * from './groupPermission.v2.service';
diff --git a/frontend/src/_styles/groups-permissions.scss b/frontend/src/_styles/groups-permissions.scss
new file mode 100644
index 0000000000..456857bfd0
--- /dev/null
+++ b/frontend/src/_styles/groups-permissions.scss
@@ -0,0 +1,146 @@
+@import "./typography.scss";
+@import "./designtheme.scss";
+
+.granular-access-container {
+    display: flex;
+    flex-direction: row;
+    height: 470px;
+    gap: 0;
+
+    .manage-granular-permissions-info {
+        display: flex;
+        height: 48px;
+        width: 612px;
+        border-radius: 6px;
+        padding: 12px 24px 12px 24px;
+        background: var(--slate3);
+        border: 1px solid var(--slate5);
+        border-radius: 6px;
+        margin-bottom: 16px;
+
+        p {
+            color: var(--slate12);
+            // gap: 14px;
+            display: flex;
+            align-items: center;
+
+        }
+    }
+  
+
+    .manage-granular-permission-header {
+        border-bottom: 1px solid var(--slate5);
+        display: flex;
+        p {
+            padding: 8px 12px;
+            // gap: 10px;
+            width: 230px;
+            height: 36px;
+            font-weight: 500;
+            color: var(--slate11) !important;
+        }
+    }
+
+    .empty-container {
+        flex-shrink: 0; /* Prevent shrinking */
+        height: 100%; /* Take full height of the parent container */
+        display: flex;
+        align-items: center; /* Center items vertically */
+        justify-content: center; /* Center items horizontally */
+        text-align: center;
+        flex-direction: column;
+        width: 330px;
+
+        .icon-container {
+            width: 55px;
+            height: 55px;
+            background: var(--indigo4);
+            border-radius: 6px;
+
+            svg {
+                width: 45px;
+                height: 45px;
+                path {
+                    fill: var(--indigo9);
+                }
+            }
+        }
+
+        .add-permission-btn {
+            width: 135px;
+        }
+    }
+
+    .permission-body-one {
+        flex-grow: 1; /* Allow this to grow and fill available space */
+        overflow-y: auto;
+        border-bottom: 1px solid var(--slate5);
+        margin: 0; /* Ensure no margin */
+        padding: 0; /* Ensure no padding */
+        min-height: calc(100% - 48px - 16px - 55px - 70px);
+        max-height: calc(100% - 48px - 16px - 55px - 70px);
+    }
+
+    .permission-body-two {
+        flex-grow: 1; /* Allow this to grow and fill available space */
+        overflow-y: auto;
+        border-bottom: 1px solid var(--slate5);
+        margin: 0; /* Ensure no margin */
+        padding: 0; /* Ensure no padding */
+        min-height: calc(100% - 16px - 55px - 54px);
+        max-height: calc(100% - 16px - 55px - 54px);
+    }
+
+    .side-button-cont {
+        display: flex;
+        justify-content: flex-end;
+        align-items: center; /* Ensure the content is centered vertically */
+        height: 50px;
+        flex-shrink: 0; /* Prevent shrinking */
+        margin: 0; /* Ensure no margin */
+        padding: 12px; /* Ensure no padding */
+        margin-bottom: 15px;
+
+        .add-icon {
+            width: 135px;
+            height: 30px;
+        }
+    }
+}
+
+
+.permission-type {
+    border: 0px !important;
+    width: 100% !important;
+    justify-content: flex-start;
+    padding-left: 1rem;
+}
+
+.permission-manager-modal {
+    .permission-manager-title {
+        display: flex;
+        align-items: center;
+        gap: 5px;
+    }
+
+    .type-container {
+        display: flex;
+        justify-content: space-between;
+
+        .right-container {
+            display: flex;
+            flex-direction: column;
+        }
+    }
+}
+
+
+.delete-icon-cont {
+    margin-left: 200px;
+
+    .icon-class{
+        border: none !important;
+        background-color: none !important;
+
+    }
+}
\ No newline at end of file
diff --git a/frontend/src/_styles/theme.scss b/frontend/src/_styles/theme.scss
index 50a458d6df..e22a996df1 100644
--- a/frontend/src/_styles/theme.scss
+++ b/frontend/src/_styles/theme.scss
@@ -12,6 +12,7 @@
 @import "./ui-operations.scss";
 @import 'react-loading-skeleton/dist/skeleton.css';
 @import './table-component.scss';
+@import './groups-permissions.scss';
 @import 'tailwindcss/base';
 @import 'tailwindcss/components';
 @import 'tailwindcss/utilities';
@@ -8924,25 +8925,38 @@ tbody {
   padding: 16px;
 
   tbody {
-
-    tr>td>span,
-    tr>td>a {
-      white-space: nowrap;
-      overflow: hidden;
-      text-overflow: ellipsis;
-      max-width: 140px;
+    tr{
+      td {
+        border-bottom-width: 0px !important;
+        display: flex;
+        align-items: center;
+        flex: 9%;
+        padding-left: 0px !important;
+        padding-right: 0px !important;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+        &[data-name="role-header"] {
+          max-width: 98px !important;
+        }
+        span,a {
+          white-space: nowrap;
+          overflow: hidden;
+          text-overflow: ellipsis;
+          max-width: 140px;
+        }
+      }
     }
   }
 
   thead {
     tr {
-      padding: 0px 6px;
+      padding: 6px 0px 0px 6px;
       gap: 8px;
       width: 848px;
       height: 40px;
       display: flex;
       align-items: center;
-      margin-top: 6px;
     }
 
     tr>th {
@@ -8950,6 +8964,10 @@ tbody {
       border-bottom: none !important;
       padding: 0 !important;
       width: 282px;
+
+      &[data-name="role-header"] {
+        width:120px !important;
+      }
     }
   }
 
@@ -8963,17 +8981,21 @@ tbody {
     gap: 8px;
   }
 
-  tr>td {
-    border-bottom-width: 0px !important;
-    display: flex;
-    align-items: center;
-    flex: 9%;
-    padding-left: 0px !important;
-    padding-right: 0px !important;
-    white-space: nowrap;
-    overflow: hidden;
-    text-overflow: ellipsis;
-  }
+  // tr>td {
+  //   border-bottom-width: 0px !important;
+  //   display: flex;
+  //   align-items: center;
+  //   flex: 9%;
+  //   padding-left: 0px !important;
+  //   padding-right: 0px !important;
+  //   white-space: nowrap;
+  //   overflow: hidden;
+  //   text-overflow: ellipsis;
+
+  //   &[data-name="role-header"] {
+  //       width:120px !important;
+  //     }
+  // }
 }
 
 .user-actions-button {
@@ -9440,15 +9462,21 @@ tbody {
 }
 
 .manage-groups-body {
-  padding: 24px;
+  padding: 12px 12px 10px 12px;
   font-size: 12px;
-  overflow-y: auto;
+  // overflow-y: auto;
   height: calc(100vh - 300px);
 
+  .group-users-list-container{
+    height: calc(100vh - 300px - 100px); /* Set a fixed height */
+  overflow-y: auto; /* Enable vertical scrolling */
+  border-bottom: 1px solid var(--slate6) !important;
+  }
+
 }
 
 .groups-sub-header-wrap {
-  width: 612px;
+  // width: 612px;
   height: 36px;
   border-bottom: 1px solid var(--slate5) !important;
 
@@ -9618,14 +9646,15 @@ tbody {
 }
 
 .apps-permission-wrap {
-  height: 72px;
+  height: auto;
   justify-content: center;
+  width: auto;
   gap: 12px;
 }
 
 .apps-folder-permission-wrap,
 .apps--variable-permission-wrap {
-  height: 44px;
+  height: auto;
 }
 
 .manage-group-permision-header {
@@ -9635,7 +9664,7 @@ tbody {
   p {
     padding: 8px 12px;
     gap: 10px;
-    width: 206px;
+    width: 230px;
     height: 36px;
     font-weight: 500;
     color: var(--slate11) !important;
@@ -9682,13 +9711,19 @@ tbody {
 
 .default-group-wrap {
   gap: 10px;
-  width: 119px;
-  height: 28px;
+  width: 130px;
+  height: 32px;
   display: flex;
   align-items: center;
   justify-content: center;
-  background: var(--grass3);
+  background: var(--indigo3);
   border-radius: 100px;
+  border: 2px solid var(--indigo7);
+  color: var(--indigo9);
+
+  path {
+    fill: var(--indigo9);
+  }
 }
 
 .sso-icon-wrapper {
@@ -9759,6 +9794,9 @@ tbody {
   text-transform: capitalize;
 }
 
+
+
+
 .manage-group-users-row {
   display: flex;
   flex-direction: row;
@@ -9769,13 +9807,13 @@ tbody {
   border-bottom: 1px solid var(--slate5);
 
   p {
-    width: 272px;
+    width: 262px;
     white-space: nowrap;
     overflow: hidden;
     text-overflow: ellipsis;
 
     span {
-      max-width: 150px;
+      max-width: 140px;
       white-space: nowrap;
       overflow: hidden;
       text-overflow: ellipsis;
@@ -9785,8 +9823,17 @@ tbody {
   &:hover .apps-remove-btn {
     display: flex;
   }
+
+  .edit-role-btn{
+    margin-left: auto;
+    margin-right: 20px;
+    display: flex;
+    align-items: center; 
+    padding-top: 5px;
+  }
 }
 
+
 .manage-group-app-table-body {
   width: 602px !important;
 
@@ -9853,7 +9900,7 @@ tbody {
   border-bottom: 1px solid var(--slate5);
   width: 612px;
   height: 36px;
-  padding: 8px 12px;
+  padding: 8px 12px 8px 2px;
   align-items: center;
 
 
@@ -9863,6 +9910,15 @@ tbody {
     font-weight: 500;
   }
 
+  .edit-role-btn{
+    margin-left: auto;
+    margin-right: 50px;
+    display: flex;
+    width: 20px;
+    align-items: center; 
+    padding-top: 5px;
+  }
+
 }
 
 .manage-groups-permission-apps,
@@ -9888,12 +9944,12 @@ tbody {
 .apps-variable-permission-wrap,
 .apps-constant-permission-wrap {
   gap: 10px;
-  height: 72px;
+  height: auto;
 }
 
 .apps-folder-permission-wrap,
 .apps-variable-permission-wrap {
-  height: 44px;
+  height: auto;
   border-bottom: 1px solid var(--slate5);
 }
 
@@ -10800,6 +10856,12 @@ tbody {
   border-bottom-left-radius: 6px;
   border-bottom-right-radius: 6px;
 
+
+  .user-detail{
+    display: flex;
+    flex-direction: column;    
+  }
+
 }
 
 .user-filter-search {
@@ -12784,7 +12846,7 @@ tbody {
     text-overflow: ellipsis;
     overflow: hidden;
     white-space: nowrap;
-    max-width: 185px;
+    max-width: 210px;
   }
 
   .group-chip {
@@ -13170,6 +13232,27 @@ tbody {
   }
 }
 
+.modal-base {
+  .modal-footer {
+    padding: 1rem;
+
+    .tj-btn-left-icon {
+      svg {
+        width: 20px;
+        height: 20px;
+
+        path {
+          fill: var(--indigo1);
+        }
+      }
+    }
+
+    .tj-large-btn {
+      font-weight: 500;
+      font-size: 14px;
+    }
+  }
+}
 .component-spinner {
   animation: l13 1s infinite linear;
   position: absolute;
@@ -13183,7 +13266,6 @@ tbody {
 
 .widget-version-identifier {
   position: absolute;
-  right: 0px;
   top: 0px;
   border-radius: 0px 8px 0px 8px;
   height: 16px;
diff --git a/frontend/src/_styles/widgets/multi-select.scss b/frontend/src/_styles/widgets/multi-select.scss
index caa63dce8f..86ede8e00a 100644
--- a/frontend/src/_styles/widgets/multi-select.scss
+++ b/frontend/src/_styles/widgets/multi-select.scss
@@ -181,6 +181,10 @@
   }
 }
 
+.tj-ms-usergroup{
+  width: auto;
+}
+
 .tj-ms-count {
   border-radius: 2px;
   display: flex;
diff --git a/frontend/src/_ui/AppButton/AppButton.scss b/frontend/src/_ui/AppButton/AppButton.scss
index 2fee7d996e..15320ad44e 100644
--- a/frontend/src/_ui/AppButton/AppButton.scss
+++ b/frontend/src/_ui/AppButton/AppButton.scss
@@ -1,7 +1,7 @@
 @import "../../_styles/designtheme.scss";
 
 .tj-base-btn {
-    box-sizing: border-box;
+    // box-sizing: border-box;
     display: flex;
     flex-direction: row;
     justify-content: center;
diff --git a/frontend/src/_ui/Icon/solidIcons/GranularAccess.jsx b/frontend/src/_ui/Icon/solidIcons/GranularAccess.jsx
new file mode 100644
index 0000000000..0c5a3b309b
--- /dev/null
+++ b/frontend/src/_ui/Icon/solidIcons/GranularAccess.jsx
@@ -0,0 +1,19 @@
+import React from 'react';
+
+const GranularAccess = ({ fill = '#C1C8CD', width = '17', className = '', viewBox = '0 0 17 17' }) => (
+  <svg
+    width={width}
+    height={width}
+    viewBox={viewBox}
+    fill="none"
+    xmlns="http://www.w3.org/2000/svg"
+    className={className}
+  >
+    <path
+      d="M9.95117 13.7257V13.3591C9.95117 12.8591 10.1956 12.4619 10.6845 12.1674C11.1734 11.873 11.8178 11.7257 12.6178 11.7257C13.4178 11.7257 14.0623 11.873 14.5512 12.1674C15.0401 12.4619 15.2845 12.8591 15.2845 13.3591V13.7257H9.95117ZM12.6178 11.0591C12.2512 11.0591 11.9373 10.9285 11.6762 10.6674C11.4151 10.4063 11.2845 10.0924 11.2845 9.72575C11.2845 9.35908 11.4151 9.04519 11.6762 8.78408C11.9373 8.52297 12.2512 8.39242 12.6178 8.39242C12.9845 8.39242 13.2984 8.52297 13.5595 8.78408C13.8206 9.04519 13.9512 9.35908 13.9512 9.72575C13.9512 10.0924 13.8206 10.4063 13.5595 10.6674C13.2984 10.9285 12.9845 11.0591 12.6178 11.0591ZM3.28451 13.7257C2.91784 13.7257 2.60395 13.5952 2.34284 13.3341C2.08173 13.073 1.95117 12.7591 1.95117 12.3924V4.39242C1.95117 4.02575 2.08173 3.71186 2.34284 3.45075C2.60395 3.18964 2.91784 3.05908 3.28451 3.05908H6.73451C6.91228 3.05908 7.08173 3.09242 7.24284 3.15908C7.40395 3.22575 7.54562 3.32019 7.66784 3.44242L8.61784 4.39242H13.9512C14.3178 4.39242 14.6317 4.52297 14.8928 4.78408C15.154 5.04519 15.2845 5.35908 15.2845 5.72575V7.90908C14.8956 7.6313 14.4734 7.42019 14.0178 7.27575C13.5623 7.1313 13.0901 7.05908 12.6012 7.05908C11.2901 7.05908 10.1873 7.51742 9.29284 8.43408C8.39839 9.35075 7.95117 10.4424 7.95117 11.7091C7.95117 12.0646 7.99006 12.4091 8.06784 12.7424C8.14562 13.0757 8.26228 13.4035 8.41784 13.7257H3.28451Z"
+      fill={fill}
+    />
+  </svg>
+);
+
+export default GranularAccess;
diff --git a/frontend/src/_ui/Icon/solidIcons/UserGear.jsx b/frontend/src/_ui/Icon/solidIcons/UserGear.jsx
new file mode 100644
index 0000000000..e1a024cb5c
--- /dev/null
+++ b/frontend/src/_ui/Icon/solidIcons/UserGear.jsx
@@ -0,0 +1,19 @@
+import React from 'react';
+
+const UserGear = ({ fill = '#889096', width = '17', className = '', viewBox = '0 0 17 17' }) => (
+  <svg
+    width={width}
+    height={width}
+    viewBox={viewBox}
+    fill="none"
+    xmlns="http://www.w3.org/2000/svg"
+    className={className}
+  >
+    <path
+      d="M1.95117 12.3926V11.8593C1.95117 11.4926 2.04562 11.1482 2.23451 10.8259C2.42339 10.5037 2.68451 10.2593 3.01784 10.0926C3.58451 9.80371 4.22339 9.55926 4.9345 9.35926C5.64562 9.15926 6.42895 9.05926 7.2845 9.05926H7.51784C7.58451 9.05926 7.65117 9.07038 7.71784 9.0926C7.39562 9.8926 7.26228 10.687 7.31784 11.4759C7.37339 12.2648 7.64006 13.0148 8.11784 13.7259H3.28451C2.91784 13.7259 2.60395 13.5954 2.34284 13.3343C2.08173 13.0732 1.95117 12.7593 1.95117 12.3926ZM11.9512 12.3926C12.3178 12.3926 12.6317 12.262 12.8928 12.0009C13.1539 11.7398 13.2845 11.4259 13.2845 11.0593C13.2845 10.6926 13.1539 10.3787 12.8928 10.1176C12.6317 9.85649 12.3178 9.72593 11.9512 9.72593C11.5845 9.72593 11.2706 9.85649 11.0095 10.1176C10.7484 10.3787 10.6178 10.6926 10.6178 11.0593C10.6178 11.4259 10.7484 11.7398 11.0095 12.0009C11.2706 12.262 11.5845 12.3926 11.9512 12.3926ZM7.2845 8.3926C6.55117 8.3926 5.92339 8.13149 5.40117 7.60926C4.87895 7.08704 4.61784 6.45926 4.61784 5.72593C4.61784 4.9926 4.87895 4.36482 5.40117 3.8426C5.92339 3.32038 6.55117 3.05927 7.2845 3.05927C8.01784 3.05927 8.64562 3.32038 9.16784 3.8426C9.69006 4.36482 9.95117 4.9926 9.95117 5.72593C9.95117 6.45926 9.69006 7.08704 9.16784 7.60926C8.64562 8.13149 8.01784 8.3926 7.2845 8.3926ZM11.1845 13.8593L11.0845 13.3926C10.9512 13.337 10.8262 13.2787 10.7095 13.2176C10.5928 13.1565 10.4734 13.0815 10.3512 12.9926L9.86784 13.1426C9.72339 13.187 9.58173 13.1815 9.44284 13.1259C9.30395 13.0704 9.19562 12.9815 9.11784 12.8593L8.9845 12.6259C8.90673 12.4926 8.87895 12.3482 8.90117 12.1926C8.92339 12.037 8.99562 11.9093 9.11784 11.8093L9.4845 11.4926C9.46228 11.337 9.45117 11.1926 9.45117 11.0593C9.45117 10.9259 9.46228 10.7815 9.4845 10.6259L9.11784 10.3093C8.99562 10.2093 8.92339 10.0843 8.90117 9.93426C8.87895 9.78426 8.90673 9.6426 8.9845 9.50926L9.1345 9.25926C9.21228 9.13704 9.31784 9.04815 9.45117 8.9926C9.5845 8.93704 9.72339 8.93149 9.86784 8.97593L10.3512 9.12593C10.4734 9.03704 10.5928 8.96204 10.7095 8.90093C10.8262 8.83982 10.9512 8.78149 11.0845 8.72593L11.1845 8.2426C11.2178 8.08704 11.2928 7.96204 11.4095 7.8676C11.5262 7.77315 11.6623 7.72593 11.8178 7.72593H12.0845C12.2401 7.72593 12.3762 7.77593 12.4928 7.87593C12.6095 7.97593 12.6845 8.10371 12.7178 8.25926L12.8178 8.72593C12.9512 8.78149 13.0762 8.8426 13.1928 8.90926C13.3095 8.97593 13.4289 9.05926 13.5512 9.15926L14.0012 9.00926C14.1567 8.95371 14.3067 8.95371 14.4512 9.00926C14.5956 9.06482 14.7067 9.15926 14.7845 9.2926L14.9178 9.52593C14.9956 9.65926 15.0234 9.80371 15.0012 9.95926C14.9789 10.1148 14.9067 10.2426 14.7845 10.3426L14.4178 10.6593C14.4401 10.7926 14.4512 10.9315 14.4512 11.0759C14.4512 11.2204 14.4401 11.3593 14.4178 11.4926L14.7845 11.8093C14.9067 11.9093 14.9789 12.0343 15.0012 12.1843C15.0234 12.3343 14.9956 12.4759 14.9178 12.6093L14.7678 12.8593C14.6901 12.9815 14.5845 13.0704 14.4512 13.1259C14.3178 13.1815 14.1789 13.187 14.0345 13.1426L13.5512 12.9926C13.4289 13.0815 13.3095 13.1565 13.1928 13.2176C13.0762 13.2787 12.9512 13.337 12.8178 13.3926L12.7178 13.8759C12.6845 14.0315 12.6095 14.1565 12.4928 14.2509C12.3762 14.3454 12.2401 14.3926 12.0845 14.3926H11.8178C11.6623 14.3926 11.5262 14.3426 11.4095 14.2426C11.2928 14.1426 11.2178 14.0148 11.1845 13.8593Z"
+      fill={fill}
+    />
+  </svg>
+);
+
+export default UserGear;
diff --git a/frontend/src/_ui/Icon/solidIcons/UserGroups.jsx b/frontend/src/_ui/Icon/solidIcons/UserGroups.jsx
new file mode 100644
index 0000000000..3b22d5ebba
--- /dev/null
+++ b/frontend/src/_ui/Icon/solidIcons/UserGroups.jsx
@@ -0,0 +1,39 @@
+import React from 'react';
+
+const UserGroup = ({ fill = '#889096', width = '15', className = '', viewBox = '0 0 15 15' }) => (
+  <svg
+    width={width}
+    height={width}
+    viewBox={viewBox}
+    fill="none"
+    xmlns="http://www.w3.org/2000/svg"
+    className={className}
+  >
+    <path
+      d="M7.61781 4.72588C8.72238 4.72588 9.61781 3.83045 9.61781 2.72588C9.61781 1.62132 8.72238 0.725891 7.61781 0.725891C6.51325 0.725891 5.61782 1.62132 5.61782 2.72588C5.61782 3.83045 6.51325 4.72588 7.61781 4.72588Z"
+      fill="#889096"
+    />
+    <path
+      d="M7.61782 10.0592C9.82695 10.0592 11.6178 9.16377 11.6178 8.0592C11.6178 6.95464 9.82695 6.05921 7.61782 6.05921C5.40869 6.05921 3.61783 6.95464 3.61783 8.0592C3.61783 9.16377 5.40869 10.0592 7.61782 10.0592Z"
+      fill="#889096"
+    />
+    <path
+      d="M3.87227 6.07189C2.22583 6.17343 0.951172 6.87525 0.951172 7.72593C0.951172 8.42724 1.81749 9.02738 3.04425 9.27341C2.77012 8.90221 2.61783 8.49141 2.61783 8.05927C2.61783 7.29699 3.09167 6.60111 3.87227 6.07189Z"
+      fill="#889096"
+    />
+    <path
+      d="M12.6178 8.05927C12.6178 8.49141 12.4655 8.90221 12.1914 9.27341C13.4182 9.02739 14.2845 8.42725 14.2845 7.72593C14.2845 6.87525 13.0098 6.17343 11.3634 6.07189C12.144 6.60111 12.6178 7.29699 12.6178 8.05927Z"
+      fill="#889096"
+    />
+    <path
+      d="M10.0966 4.41616C10.4255 3.93483 10.6178 3.35282 10.6178 2.7259C10.6178 2.51786 10.5966 2.31477 10.5563 2.11866C10.6811 2.08004 10.8137 2.05924 10.9511 2.05924C11.6875 2.05924 12.2844 2.65619 12.2844 3.39257C12.2844 4.12894 11.6875 4.7259 10.9511 4.7259C10.626 4.7259 10.328 4.60952 10.0966 4.41616Z"
+      fill="#889096"
+    />
+    <path
+      d="M4.28449 2.05924C4.42195 2.05924 4.55454 2.08004 4.67931 2.11866C4.639 2.31477 4.61782 2.51786 4.61782 2.7259C4.61782 3.35282 4.81012 3.93483 5.13896 4.41616C4.90757 4.60952 4.60962 4.7259 4.28449 4.7259C3.54811 4.7259 2.95116 4.12894 2.95116 3.39257C2.95116 2.65619 3.54811 2.05924 4.28449 2.05924Z"
+      fill="#889096"
+    />
+  </svg>
+);
+
+export default UserGroup;
diff --git a/frontend/src/_ui/Icon/solidIcons/index.js b/frontend/src/_ui/Icon/solidIcons/index.js
index 97a08d1e3a..45a5d1e040 100644
--- a/frontend/src/_ui/Icon/solidIcons/index.js
+++ b/frontend/src/_ui/Icon/solidIcons/index.js
@@ -167,6 +167,8 @@ import Open from './Open.jsx';
 import TooljetIcon from './TooljetIcon.jsx';
 import TriangleUpCenter from './TriangleUpCenter.jsx';
 import TriangleDownCenter from './TriangleDownCenter.jsx';
+import UserGear from './UserGear.jsx';
+import GranularAccess from './GranularAccess.jsx';
 import Search01 from './Search01.jsx';
 import ShiftButtonIcon from './ShiftButtonIcon.jsx';
 import Unpin01 from './Unpin01.jsx';
@@ -293,6 +295,8 @@ const Icon = (props) => {
       return <Globe {...props} />;
     case 'grid':
       return <Grid {...props} />;
+    case 'granularaccess':
+      return <GranularAccess {...props} />;
     case 'helppolygon':
       return <HelpPolygon {...props} />;
     case 'home':
@@ -445,6 +449,8 @@ const Icon = (props) => {
       return <UserAdd {...props} />;
     case 'usergroup':
       return <UserGroup {...props} />;
+    case 'usergear':
+      return <UserGear {...props} />;
     case 'userremove':
       return <UserRemove {...props} />;
     case 'uturn':
diff --git a/frontend/src/_ui/Layout/index.jsx b/frontend/src/_ui/Layout/index.jsx
index 2acbaa32c3..6cc104f39c 100644
--- a/frontend/src/_ui/Layout/index.jsx
+++ b/frontend/src/_ui/Layout/index.jsx
@@ -47,10 +47,7 @@ function Layout({
   };
 
   const canCreateVariableOrConstant = () => {
-    return canAnyGroupPerformAction(
-      'org_environment_variable_create',
-      authenticationService.currentSessionValue.group_permissions
-    );
+    return authenticationService.currentSessionValue.user_permissions?.org_constant_c_r_u_d;
   };
 
   return (
diff --git a/frontend/src/_ui/Modal/AppsSelect.jsx b/frontend/src/_ui/Modal/AppsSelect.jsx
new file mode 100644
index 0000000000..4427a7298c
--- /dev/null
+++ b/frontend/src/_ui/Modal/AppsSelect.jsx
@@ -0,0 +1,204 @@
+import { getWorkspaceId } from '@/_helpers/utils';
+import { ButtonSolid } from '@/_ui/AppButton/AppButton';
+import React, { useState } from 'react';
+import { useNavigate } from 'react-router-dom';
+import Select, { components } from 'react-select';
+import { FilterPreview } from '@/_components';
+import './appSelect.theme.scss';
+
+export function AppsSelect(props) {
+  const navigate = useNavigate();
+  const workspaceId = getWorkspaceId();
+  const darkMode = localStorage.getItem('darkMode') === 'true';
+
+  //Will be used when workspace routing settings have been merged
+  const Menu = (props) => {
+    return (
+      <components.Menu {...props}>
+        {props.children}
+        <div className="add-group-btn">
+          <ButtonSolid
+            onClick={() => navigate(`/${workspaceId}/workspace-settings`)}
+            iconCustomClass="rectangle-add-icon"
+            className="create-group"
+            fill="var(--indigo9)"
+            variant="secondary"
+            leftIcon="addrectangle"
+          >
+            Create new group
+          </ButtonSolid>
+        </div>
+      </components.Menu>
+    );
+  };
+
+  const InputOption = ({ getStyles, Icon, isDisabled, isFocused, isSelected, children, innerProps, ...rest }) => {
+    const [isActive, setIsActive] = useState(false);
+    const onMouseDown = () => setIsActive(true);
+    const onMouseUp = () => setIsActive(false);
+    const onMouseLeave = () => setIsActive(false);
+
+    const style = {
+      alignItems: 'center',
+      backgroundColor: 'transparent',
+      color: 'inherit',
+      display: 'flex ',
+    };
+
+    const props = {
+      ...innerProps,
+      onMouseDown,
+      onMouseUp,
+      onMouseLeave,
+      style,
+    };
+
+    return (
+      <components.Option
+        {...rest}
+        isDisabled={isDisabled}
+        isFocused={isFocused}
+        isSelected={isSelected}
+        getStyles={getStyles}
+        innerProps={props}
+        className={isDisabled && 'disabled'}
+      >
+        <input
+          style={{ width: '1.2rem', height: '1.2rem', borderRadius: '6px !important' }}
+          type="checkbox"
+          className="form-check-input"
+          checked={isSelected}
+          data-cy="group-check-input"
+        />
+        <div className="select-option">{children}</div>
+      </components.Option>
+    );
+  };
+
+  const MultiValue = (props) => {
+    // Check if props.data exists and is not "all"
+    if (!props.data?.isAllField) {
+      return (
+        <components.MultiValue {...props}>
+          <div className="selected-value">{props.data.name}</div>
+        </components.MultiValue>
+      );
+    }
+  };
+
+  const selectStyles = {
+    indicatorSeparator: (base) => ({
+      ...base,
+      display: 'none',
+    }),
+    option: (base) => ({
+      ...base,
+      '.select-option': {
+        margin: '0px 10px',
+      },
+    }),
+    multiValue: (base) => ({
+      ...base,
+      borderRadius: '6px',
+      backgroundColor: 'var(--slate3)',
+      color: 'var(--slate11)',
+      '.selected-value': {
+        padding: '0px 6px 1px 3px',
+        color: 'var(--slate11)',
+      },
+    }),
+    multiValueRemove: (base, state) => ({
+      ...base,
+      '&:hover': {
+        backgroundColor: 'var(--tomato3)',
+        color: 'var(--tomato9)',
+      },
+      paddingLeft: '0px',
+      ...(state.data.isFixed && { display: 'none' }),
+    }),
+    input: (base) => ({
+      ...base,
+      input: {
+        height: '25px !important',
+        color: 'var(--slate11) !important',
+      },
+    }),
+    control: (base) => ({
+      ...base,
+      outline: 'none',
+      border: '1px solid var(--slate7)',
+      boxShadow: 'none',
+      borderRadius: '6px',
+      background: 'unset',
+      '&:hover': {
+        border: '1px solid var(--slate8)',
+      },
+    }),
+    menuList: (base) => ({
+      ...base,
+      maxHeight: '200px',
+    }),
+    menu: (base) => ({
+      ...base,
+      background: 'var(--slate1)',
+      '.add-group-btn': {
+        display: 'flex',
+        justifyContent: 'flex-end',
+        padding: '8px',
+        borderTop: '1px solid var(--slate5)',
+        '.create-group': {
+          background: 'none !important',
+          '.rectangle-add-icon': {
+            width: '20px',
+            height: '20px',
+          },
+        },
+      },
+    }),
+  };
+
+  return (
+    <Select
+      isDisabled={props.disabled}
+      isMulti
+      width={'100%'}
+      isClearable={false}
+      hasSearch={true}
+      closeMenuOnSelect={false}
+      hideSelectedOptions={false}
+      className={darkMode && 'theme-dark dark-theme'}
+      components={{ Option: InputOption, MultiValue, IndicatorSeparator: null }}
+      {...props}
+      onChange={(selected) => {
+        const isCurrentSelectAll = props.value.find((app) => app?.isAllField)?.isAllField;
+        const isSelectAllPresentInSelection = selected.find((app) => app?.isAllField)?.isAllField;
+        if (
+          props.allowSelectAll &&
+          selected !== null &&
+          selected.length > 0 &&
+          isSelectAllPresentInSelection &&
+          !isCurrentSelectAll
+        ) {
+          if (props.value.find((app) => app?.isAllField)?.isAllField)
+            props.onChange(selected.filter((app) => !app?.isAllField));
+          return props.onChange([...props.options, props.allOption]);
+        }
+        if (isCurrentSelectAll && !isSelectAllPresentInSelection) return props.onChange([]);
+        return props.onChange(selected.filter((app) => !app?.isAllField));
+      }}
+      options={[props.allowSelectAll ? props.allOption : null, ...props.options]}
+      styles={selectStyles}
+      placeholder="Select apps.."
+      noOptionsMessage={() => 'No apps found'}
+    />
+    // </div>
+  );
+}
+
+AppsSelect.defaultProps = {
+  allOption: {
+    label: 'Select all',
+    value: '*',
+    isAllField: true,
+  },
+};
diff --git a/frontend/src/_ui/Modal/appSelect.theme.scss b/frontend/src/_ui/Modal/appSelect.theme.scss
new file mode 100644
index 0000000000..ed44556f63
--- /dev/null
+++ b/frontend/src/_ui/Modal/appSelect.theme.scss
@@ -0,0 +1,228 @@
+@import "../../_styles/colors.scss";
+
+.tj-ms-app {
+  position: relative;
+  transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+  padding: 6px 10px;
+  gap: 17px;
+  width: 440px;
+  height: 32px;
+  background: var(--base) !important;
+  border: 1px solid var(--slate7);
+  border-radius: 6px !important;
+  display: flex;
+  align-items: center;
+
+
+  .select-search__select {
+    top: 34px;
+  }
+
+  .select-search__select,
+  .select-search-dark {
+    background-color: var(--base) !important;
+    box-shadow: 0px 32px 64px -12px rgba(16, 24, 40, 0.14);
+
+    &:focus-visible {
+      background: #F8FAFF;
+      border: 1px solid var(--indigo9);
+    }
+  }
+
+  .select-search__value {
+    background: var(--base);
+  }
+
+  .select-search__row {
+    border-top: none !important;
+  }
+
+  .select-search__option,
+  .select-search__not-found {
+    background-color: var(--base) !important;
+    color: var(--slate12);
+    border: 1px solid var(--slate5);
+    box-shadow: 0px 32px 64px -12px rgba(16, 24, 40, 0.14);
+    border-radius: 6px;
+    margin: 0 auto;
+  }
+
+  .select-search__input {
+    padding: 0 !important;
+    color: var(--slate9) !important;
+    background: var(--base) !important;
+  }
+
+  .select-search__select,
+  .select-search-dark__select {
+    display: none;
+  }
+
+  .has-focus>.select-search__select,
+  .has-focus>.select-search-dark__select {
+    display: block;
+  }
+
+
+  .select-search-dark.is-loading .select-search-dark__value::after {
+    background-size: 10px;
+  }
+
+  .select-search-dark__value::after {
+    right: 13px;
+    width: 10px;
+    height: 10px;
+  }
+
+  .select-search-dark:not(.is-loading) .select-search-dark__value::after {
+    right: 13px;
+    width: 6px;
+    height: 6px;
+  }
+
+  .select-search.is-loading .select-search__value::after {
+    background-size: 10px;
+  }
+
+  .select-search__value::after {
+    top: calc(50% - 4px);
+    right: 8px;
+    width: 10px;
+    height: 10px;
+  }
+
+  .select-search:not(.is-loading) .select-search__value::after {
+    right: 13px;
+    width: 6px;
+    height: 6px;
+  }
+
+  &:hover {
+    border-color: rgba(66, 153, 225, 0.1)
+  }
+
+  .tj-ms-preview {
+    padding: 3px 3px;
+
+    .count-main {
+      padding: 1px 3px 1px 7px;
+      border: 1px solid var(--slate5);
+      border-radius: 5px;
+      background-color: var(--slate8);
+      color: var(--slate12);
+
+      .selected-count {
+        padding-right: 5px;
+        font-size: .8rem;
+        line-height: 20px;
+        white-space: nowrap;
+      }
+
+      .select-close-btn {
+        color: #9a9191;
+        cursor: pointer;
+      }
+    }
+
+    .count-main:hover {
+      border: 1px solid #d1cccc;
+    }
+
+    svg {
+      width: 1rem;
+    }
+  }
+
+  .select-search,
+  .select-search-dark {
+    position: unset;
+
+    input {
+      border: none;
+      text-overflow: ellipsis;
+      white-space: nowrap;
+      overflow: hidden;
+    }
+  }
+
+  .select-search-dark__input {
+    background-color: var(--base);
+    border: none;
+  }
+
+  .select-search-dark__select {
+    background-color: var(--base);
+    padding: 14px;
+    border: 1px solid var(--slate5);
+    box-shadow: 0px 32px 64px -12px rgba(16, 24, 40, 0.14);
+    border-radius: 6px;
+    top: 34px !important;
+
+    ul {
+      width: 100%;
+
+
+      li {
+        .item-renderer {
+          display: flex;
+          flex-direction: row;
+          justify-content: space-between;
+          align-items: center;
+          height: 60px;
+
+
+          div {
+            display: flex;
+          }
+        }
+
+      }
+    }
+  }
+}
+
+.tj-ms-count-app {
+  border-radius: 2px;
+  display: flex;
+
+  .tj-ms-preview {
+    display: flex;
+    align-items: center;
+  }
+}
+
+.tj-ms-count-app {
+  &:hover {
+    border: 1px solid var(--indigo9) !important;
+  }
+
+  &:focus-visible {
+    border: 1px solid var(--indigo9);
+  }
+}
+
+.selected-section {
+  overflow: auto;
+
+  .tj-ms-app {
+    border: none;
+    background-color: unset;
+    float: left;
+  }
+
+  .selected-heading {
+    padding: 1px 7px 1px 7px;
+    margin: 6px 2px 6px 5px;
+    border-radius: 6px;
+    font-weight: 500;
+    float: left;
+  }
+
+  .selected-text {
+    line-height: 24px;
+    font-weight: 300;
+    margin: 6px 0px;
+    white-space: nowrap;
+    float: left;
+  }
+}
\ No newline at end of file
diff --git a/frontend/src/_ui/Modal/index.jsx b/frontend/src/_ui/Modal/index.jsx
index 3279247d13..a67deaee7f 100644
--- a/frontend/src/_ui/Modal/index.jsx
+++ b/frontend/src/_ui/Modal/index.jsx
@@ -2,6 +2,7 @@ import React from 'react';
 import Modal from 'react-bootstrap/Modal';
 import { ButtonSolid } from '@/_ui/AppButton/AppButton';
 import SolidIcon from '@/_ui/Icon/SolidIcons';
+import { ToolTip } from '@/_components/ToolTip';
 
 export default function ModalBase({
   show,
@@ -14,14 +15,16 @@ export default function ModalBase({
   isLoading,
   children,
   cancelDisabled,
+  className = '',
+  size = 'sm',
 }) {
   return (
     <Modal
       show={show}
       onHide={handleClose}
-      size="sm"
+      size={size}
       centered={true}
-      contentClassName={`${darkMode ? 'theme-dark dark-theme modal-base' : 'modal-base'}`}
+      contentClassName={`${className} ${darkMode ? 'theme-dark dark-theme modal-base' : 'modal-base'}`}
     >
       <Modal.Header>
         <Modal.Title className="font-weight-500" data-cy="modal-title">
@@ -44,16 +47,23 @@ export default function ModalBase({
         <ButtonSolid disabled={cancelDisabled} variant={'tertiary'} onClick={handleClose} data-cy="cancel-button">
           Cancel
         </ButtonSolid>
-        <ButtonSolid
-          disabled={isLoading || confirmBtnProps?.disabled}
-          isLoading={isLoading}
-          variant={confirmBtnProps?.variant || 'primary'}
-          onClick={handleConfirm}
-          {...confirmBtnProps}
-          data-cy="confim-button"
+        <ToolTip
+          show={confirmBtnProps.tooltipMessage && confirmBtnProps?.disabled}
+          message={confirmBtnProps.tooltipMessage}
         >
-          {confirmBtnProps?.title || 'Continue'}
-        </ButtonSolid>
+          <div>
+            <ButtonSolid
+              disabled={isLoading || confirmBtnProps?.disabled}
+              isLoading={isLoading}
+              variant={confirmBtnProps?.variant || 'primary'}
+              onClick={handleConfirm}
+              {...confirmBtnProps}
+              data-cy="confim-button"
+            >
+              {confirmBtnProps?.title || 'Continue'}
+            </ButtonSolid>
+          </div>
+        </ToolTip>
       </Modal.Footer>
     </Modal>
   );
diff --git a/package.json b/package.json
index ff844d431c..30578cbfe1 100644
--- a/package.json
+++ b/package.json
@@ -20,6 +20,8 @@
   "devDependencies": {
     "@tooljet/cli": "^0.0.13",
     "eslint": "^8.56.0",
+    "eslint-plugin-jest": "^28.6.0",
+    "eslint-plugin-prettier": "^5.1.3",
     "husky": "^8.0.3",
     "lint-staged": "^13.1.2"
   },
@@ -52,5 +54,9 @@
     "heroku-postbuild": "./heroku-postbuild.sh",
     "prepare": "husky install",
     "update-version": "node update-version.js"
+  },
+  "dependencies": {
+    "@typescript-eslint/eslint-plugin": "^7.12.0",
+    "eslint-config-prettier": "^9.1.0"
   }
 }
\ No newline at end of file
diff --git a/server/ee/services/oauth/oauth.service.ts b/server/ee/services/oauth/oauth.service.ts
index dc6860a3b1..707bab6e03 100644
--- a/server/ee/services/oauth/oauth.service.ts
+++ b/server/ee/services/oauth/oauth.service.ts
@@ -24,6 +24,7 @@ import { GitOAuthService } from './git_oauth.service';
 import { GoogleOAuthService } from './google_oauth.service';
 import UserResponse from './models/user_response';
 import { Response } from 'express';
+import { USER_ROLE } from '@module/user_resource_permissions/constants/group-permissions.constant';
 import { SIGNUP_ERRORS } from 'src/helpers/errors.constants';
 const uuid = require('uuid');
 
@@ -61,14 +62,13 @@ export class OauthService {
       const { name, slug } = generateNextNameAndSlug('My workspace');
       defaultOrganization = await this.organizationService.create(name, slug, null, manager);
     }
-
-    const groups = ['all_users'];
     /* Default password for sso-signed workspace user */
     const password = uuid.v4();
     user = await this.usersService.create(
       { firstName, lastName, email, ...getUserStatusAndSource(lifecycleEvents.USER_SSO_VERIFY, sso), password },
       organization.id,
-      groups,
+      //Adding user as END-USER on workspace signup
+      USER_ROLE.END_USER,
       user,
       true,
       defaultOrganization?.id,
@@ -86,7 +86,6 @@ export class OauthService {
     if (defaultOrganization) {
       // Setting up default organization
       await this.organizationUsersService.create(user, defaultOrganization, true, manager);
-      await this.usersService.attachUserGroup(['all_users', 'admin'], defaultOrganization.id, user.id, manager);
     }
     return user;
   }
@@ -237,7 +236,6 @@ export class OauthService {
           const { name, slug } = generateNextNameAndSlug('My workspace');
           defaultOrganization = await this.organizationService.create(name, slug, null, manager);
 
-          const groups = ['all_users', 'admin'];
           userDetails = await this.usersService.create(
             {
               firstName: userResponse.firstName,
@@ -246,7 +244,8 @@ export class OauthService {
               ...getUserStatusAndSource(lifecycleEvents.USER_SSO_VERIFY, sso),
             },
             defaultOrganization.id,
-            groups,
+            //Adding as admin since this is instance login
+            USER_ROLE.ADMIN,
             null,
             true,
             null,
diff --git a/server/migrations/1714015513342-AddGroupPermissionsTable.ts b/server/migrations/1714015513342-AddGroupPermissionsTable.ts
new file mode 100644
index 0000000000..82cde7266a
--- /dev/null
+++ b/server/migrations/1714015513342-AddGroupPermissionsTable.ts
@@ -0,0 +1,37 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+import { DATA_BASE_CONSTRAINTS } from '@module/user_resource_permissions/constants/group-permissions.constant';
+
+export class AddGroupPermissionsTable1714015513342 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `
+       CREATE TYPE group_permissions_type AS ENUM ('custom', 'default');
+        `
+    );
+
+    //Remove data source level permissions in CE
+    await queryRunner.query(`
+    CREATE TABLE IF NOT EXISTS permission_groups (
+        id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+        organization_id UUID,
+        name VARCHAR(50) NOT NULL,
+        type group_permissions_type NOT NULL DEFAULT 'custom',
+        app_create BOOLEAN DEFAULT false,
+        app_delete BOOLEAN DEFAULT false,
+        folder_crud BOOLEAN DEFAULT false,
+        org_constant_crud BOOLEAN DEFAULT false,
+        data_source_create BOOLEAN DEFAULT false,
+        data_source_delete BOOLEAN DEFAULT false,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        CONSTRAINT fk_organization_id FOREIGN KEY (organization_id) REFERENCES organizations(id) ON DELETE CASCADE,
+        CONSTRAINT ${DATA_BASE_CONSTRAINTS.GROUP_NAME_UNIQUE.dbConstraint} UNIQUE (organization_id, name)
+    );
+        `);
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`DROP TABLE IF EXISTS permission_groups`);
+    await queryRunner.query(`DROP TYPE IF EXISTS group_permissions_type;`);
+  }
+}
diff --git a/server/migrations/1714015541245-AddGroupUsersTable.ts b/server/migrations/1714015541245-AddGroupUsersTable.ts
new file mode 100644
index 0000000000..e8f4893e99
--- /dev/null
+++ b/server/migrations/1714015541245-AddGroupUsersTable.ts
@@ -0,0 +1,25 @@
+import { DATA_BASE_CONSTRAINTS } from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddGroupUsersTable1714015541245 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `
+    CREATE TABLE IF NOT EXISTS group_users (
+        id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+        user_id UUID NOT NULL,
+        group_id UUID NOT NULL,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        CONSTRAINT fk_user_id FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+        CONSTRAINT fk_group_id FOREIGN KEY (group_id) REFERENCES permission_groups(id) ON DELETE CASCADE,
+        CONSTRAINT ${DATA_BASE_CONSTRAINTS.GROUP_USER_UNIQUE.dbConstraint} UNIQUE (user_id, group_id)
+    );
+        `
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`DROP TABLE IF EXISTS group_users`);
+  }
+}
diff --git a/server/migrations/1714015564318-AddGranularPermissionsTable.ts b/server/migrations/1714015564318-AddGranularPermissionsTable.ts
new file mode 100644
index 0000000000..cda5b8476d
--- /dev/null
+++ b/server/migrations/1714015564318-AddGranularPermissionsTable.ts
@@ -0,0 +1,32 @@
+import { DATA_BASE_CONSTRAINTS } from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddGranularPermissionsTable1714015564318 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `
+        CREATE TYPE resource_type AS ENUM ('app', 'data_source');  
+       `
+    );
+
+    await queryRunner.query(
+      `
+      CREATE TABLE granular_permissions (
+        id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+        group_id UUID,
+        name VARCHAR(50) NOT NULL,
+        type resource_type NOT NULL,
+        is_all BOOLEAN DEFAULT true,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        CONSTRAINT fk_group_id FOREIGN KEY (group_id) REFERENCES permission_groups(id) ON DELETE CASCADE,
+        CONSTRAINT ${DATA_BASE_CONSTRAINTS.GRANULAR_PERMISSIONS_NAME_UNIQUE.dbConstraint} UNIQUE (name, group_id)
+    );  
+       `
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`DROP TABLE IF EXISTS granular_permissions`);
+  }
+}
diff --git a/server/migrations/1714015596201-AddAppsGroupPermissionsTable.ts b/server/migrations/1714015596201-AddAppsGroupPermissionsTable.ts
new file mode 100644
index 0000000000..efb280ec08
--- /dev/null
+++ b/server/migrations/1714015596201-AddAppsGroupPermissionsTable.ts
@@ -0,0 +1,28 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddAppsGroupPermissionsTable1714015596201 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `
+        CREATE TABLE IF NOT EXISTS apps_group_permissions (
+            id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+            granular_permission_id UUID,
+            can_edit BOOLEAN DEFAULT false,
+            can_view BOOLEAN DEFAULT false,
+            hide_from_dashboard BOOLEAN DEFAULT false,
+            created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+            updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+            CONSTRAINT fk_granular_permission_id FOREIGN KEY (granular_permission_id) REFERENCES granular_permissions(id) ON DELETE CASCADE
+        );
+            `
+    );
+
+    await queryRunner.query(
+      `CREATE INDEX idx_granular_permission_id ON apps_group_permissions(granular_permission_id);`
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`DROP TABLE IF EXISTS apps_group_permissions`);
+  }
+}
diff --git a/server/migrations/1714015615904-AddGroupAppsTable.ts b/server/migrations/1714015615904-AddGroupAppsTable.ts
new file mode 100644
index 0000000000..67c46d6287
--- /dev/null
+++ b/server/migrations/1714015615904-AddGroupAppsTable.ts
@@ -0,0 +1,23 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddGroupAppsTable1714015615904 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `
+    CREATE TABLE IF NOT EXISTS group_apps (
+        id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+        app_id UUID,
+        apps_group_permissions_id UUID,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        CONSTRAINT fk_app_id FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE,
+        CONSTRAINT fk_apps_group_permissions_id FOREIGN KEY (apps_group_permissions_id) REFERENCES apps_group_permissions(id) ON DELETE CASCADE
+);
+            `
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`DROP TABLE IF EXISTS group_apps`);
+  }
+}
diff --git a/server/migrations/1720352990850-CreateDefaultGroupInExistingWorkspace.ts b/server/migrations/1720352990850-CreateDefaultGroupInExistingWorkspace.ts
new file mode 100644
index 0000000000..01624e6946
--- /dev/null
+++ b/server/migrations/1720352990850-CreateDefaultGroupInExistingWorkspace.ts
@@ -0,0 +1,149 @@
+import { CreateGranularPermissionDto } from '@dto/granular-permissions.dto';
+import {
+  DEFAULT_GRANULAR_PERMISSIONS_NAME,
+  DEFAULT_RESOURCE_PERMISSIONS,
+  ResourceType,
+} from '@module/user_resource_permissions/constants/granular-permissions.constant';
+import {
+  USER_ROLE,
+  DEFAULT_GROUP_PERMISSIONS_MIGRATIONS,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
+import {
+  CreateResourcePermissionObject,
+  ResourcePermissionMetaData,
+} from '@module/user_resource_permissions/interface/granular-permissions.interface';
+import { AppsGroupPermissions } from 'src/entities/apps_group_permissions.entity';
+import { GranularPermissions } from 'src/entities/granular_permissions.entity';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import { Organization } from 'src/entities/organization.entity';
+import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
+import { EntityManager, MigrationInterface, QueryRunner } from 'typeorm';
+
+export class CreateDefaultGroupInExistingWorkspace1720352990850 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    const manager = queryRunner.manager;
+    const organizationIds = (
+      await manager.find(Organization, {
+        select: ['id'],
+      })
+    ).map((organization) => organization.id);
+
+    for (const organizationId of organizationIds) {
+      for (const defaultGroup of Object.keys(USER_ROLE)) {
+        const groupPermissions = DEFAULT_GROUP_PERMISSIONS_MIGRATIONS[defaultGroup];
+        const query = `
+          INSERT INTO permission_groups (
+            organization_id,
+            name,
+            type,
+            app_create,
+            app_delete,
+            folder_crud,
+            org_constant_crud,
+            data_source_create,
+            data_source_delete
+          ) VALUES (
+            '${organizationId}',
+            '${groupPermissions.name}',
+            '${groupPermissions.type}',
+            ${groupPermissions.appCreate},
+            ${groupPermissions.appDelete},
+            ${groupPermissions.folderCRUD},
+            ${groupPermissions.orgConstantCRUD},
+            ${groupPermissions.dataSourceCreate},
+            ${groupPermissions.dataSourceDelete}
+          ) RETURNING *;
+        `;
+        const group: GroupPermissions = (await manager.query(query))[0];
+        const groupGranularPermissions: Record<ResourceType, CreateResourcePermissionObject> =
+          DEFAULT_RESOURCE_PERMISSIONS[group.name];
+
+        for (const resource of Object.keys(groupGranularPermissions)) {
+          const createResourcePermissionObj: CreateResourcePermissionObject = groupGranularPermissions[resource];
+          const dtoObject = {
+            name: DEFAULT_GRANULAR_PERMISSIONS_NAME[resource],
+            groupId: group.id,
+            type: resource as ResourceType,
+            isAll: true,
+            createAppsPermissionsObject: {},
+          };
+          if (group.name === USER_ROLE.ADMIN) {
+            const granularPermissions = await this.createGranularPermission(manager, dtoObject);
+            await this.createAppsResourcePermission(
+              manager,
+              { granularPermissions, organizationId },
+              createResourcePermissionObj
+            );
+          }
+        }
+        //Migrating Admins to new Admins
+        if (group.name === USER_ROLE.ADMIN) {
+          const adminsUsers = await manager
+            .createQueryBuilder(UserGroupPermission, 'usersGroup')
+            .innerJoin(
+              'usersGroup.groupPermission',
+              'groupPermission',
+              'groupPermission.organizationId = :organizationId',
+              {
+                organizationId,
+              }
+            )
+            .where('groupPermission.group = :admin', {
+              admin: 'admin',
+            })
+            .getMany();
+          const userIds = adminsUsers.map((userGroup) => userGroup.userId);
+          await this.migrateUserGroup(manager, userIds, group.id);
+        }
+      }
+    }
+  }
+
+  async createGranularPermission(
+    manager: EntityManager,
+    createObject: CreateGranularPermissionDto
+  ): Promise<GranularPermissions> {
+    const query = `
+      INSERT INTO granular_permissions (
+        group_id,
+        name,
+        type,
+        is_all
+      ) VALUES (
+        '${createObject.groupId}', '${createObject.name}', '${createObject.type}', ${createObject.isAll}
+      ) RETURNING *;
+    `;
+    return (await manager.query(query))[0];
+  }
+
+  async createAppsResourcePermission(
+    manager: EntityManager,
+    createMeta: ResourcePermissionMetaData,
+    createObject: CreateResourcePermissionObject
+  ): Promise<AppsGroupPermissions> {
+    const { granularPermissions } = createMeta;
+    const query = `
+      INSERT INTO apps_group_permissions (
+        granular_permission_id,
+        can_edit,
+        can_view,
+        hide_from_dashboard
+      ) VALUES (
+        '${granularPermissions.id}', ${createObject.canEdit}, ${createObject.canView}, ${createObject.hideFromDashboard}
+      ) RETURNING *;
+    `;
+    return (await manager.query(query))[0];
+  }
+
+  async migrateUserGroup(manager: EntityManager, userIds: string[], groupId: string) {
+    if (userIds.length == 0) return;
+    const valuesString = userIds.map((id) => `('${id}', '${groupId}')`).join(',');
+    const query = `
+      INSERT INTO group_users (user_id, group_id)
+      VALUES ${valuesString};
+    `;
+    return await manager.query(query);
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {}
+}
diff --git a/server/migrations/1720365772516-AddingUsersToRespectiveRolesBuilderAndEndUsers.ts b/server/migrations/1720365772516-AddingUsersToRespectiveRolesBuilderAndEndUsers.ts
new file mode 100644
index 0000000000..25463d3ca7
--- /dev/null
+++ b/server/migrations/1720365772516-AddingUsersToRespectiveRolesBuilderAndEndUsers.ts
@@ -0,0 +1,124 @@
+import {
+  GROUP_PERMISSIONS_TYPE,
+  USER_ROLE,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import { Organization } from 'src/entities/organization.entity';
+import { OrganizationUser } from 'src/entities/organization_user.entity';
+import { User } from 'src/entities/user.entity';
+import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
+import { Brackets, EntityManager, MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddingUsersToRespectiveRolesBuilderAndEndUsers1720365772516 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    const manager = queryRunner.manager;
+    const organizationIds = (
+      await manager.find(Organization, {
+        select: ['id'],
+      })
+    ).map((organization) => organization.id);
+    await this.getAndConvertEditorBuilderUsers(manager, organizationIds);
+  }
+
+  async getAndConvertEditorBuilderUsers(manager: EntityManager, organizationIds: string[]) {
+    for (const organizationId of organizationIds) {
+      const userIdsWithEditPermissions = (
+        await manager
+          .createQueryBuilder(User, 'users')
+          .innerJoin(
+            'users.organizationUsers',
+            'organization_users',
+            'organization_users.organizationId = :organizationId ',
+            {
+              organizationId,
+            }
+          )
+          .innerJoin(
+            'users.groupPermissions',
+            'group_permissions',
+            'organization_users.organizationId = group_permissions.organizationId'
+          )
+          .leftJoin('group_permissions.appGroupPermission', 'app_group_permissions')
+          .andWhere(
+            new Brackets((qb) => {
+              qb.where('app_group_permissions.read = true AND app_group_permissions.update = true').orWhere(
+                'group_permissions.appCreate = true'
+              );
+            })
+          )
+          .select('users.id')
+          .distinct()
+          .getMany()
+      ).map((record) => record.id);
+
+      const userIdsOfAppOwners = (
+        await manager
+          .createQueryBuilder(User, 'users')
+          .innerJoin(
+            'users.organizationUsers',
+            'organization_users',
+            'organization_users.organizationId = :organizationId',
+            {
+              organizationId,
+            }
+          )
+          .innerJoin('users.apps', 'apps')
+          .select('users.id')
+          .distinct()
+          .getMany()
+      ).map((record) => record.id);
+
+      const adminsUsers = (
+        await manager
+          .createQueryBuilder(UserGroupPermission, 'usersGroup')
+          .innerJoin(
+            'usersGroup.groupPermission',
+            'groupPermission',
+            'groupPermission.organizationId = :organizationId',
+            {
+              organizationId,
+            }
+          )
+          .where('groupPermission.group = :admin', {
+            admin: 'admin',
+          })
+          .getMany()
+      ).map((record) => record.userId);
+      const builderUsersWithAdmin = [...new Set([...userIdsWithEditPermissions, ...userIdsOfAppOwners])];
+      const builderUsersWoAdmin = builderUsersWithAdmin.filter((id) => !adminsUsers.includes(id));
+      const builderGroup = await manager.findOne(GroupPermissions, {
+        where: { name: USER_ROLE.BUILDER, type: GROUP_PERMISSIONS_TYPE.DEFAULT, organizationId: organizationId },
+      });
+      const endUserGroup = await manager.findOne(GroupPermissions, {
+        where: { name: USER_ROLE.END_USER, type: GROUP_PERMISSIONS_TYPE.DEFAULT, organizationId: organizationId },
+      });
+
+      console.log('Builders users');
+      console.log(builderUsersWoAdmin);
+
+      await this.migrateUserGroup(manager, builderUsersWoAdmin, builderGroup.id);
+      const organizationUser = (
+        await manager.find(OrganizationUser, {
+          where: {
+            organizationId,
+          },
+        })
+      ).map((record) => record.userId);
+      const builderAdminUsers = [...new Set([...builderUsersWoAdmin, ...adminsUsers])];
+      const endUsers = organizationUser.filter((userId) => !builderAdminUsers.includes(userId));
+      await this.migrateUserGroup(manager, endUsers, endUserGroup.id);
+    }
+  }
+
+  async migrateUserGroup(manager: EntityManager, userIds: string[], groupId: string) {
+    if (userIds.length === 0) return;
+    const valuesString = userIds.map((id) => `('${id}', '${groupId}')`).join(',');
+    const query = `
+      INSERT INTO group_users (user_id, group_id)
+      VALUES ${valuesString};
+    `;
+    return await manager.query(query);
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {}
+}
diff --git a/server/migrations/1720434737529-MigrateCustomGroupToNewUserGroup.ts b/server/migrations/1720434737529-MigrateCustomGroupToNewUserGroup.ts
new file mode 100644
index 0000000000..8cc12e70d9
--- /dev/null
+++ b/server/migrations/1720434737529-MigrateCustomGroupToNewUserGroup.ts
@@ -0,0 +1,213 @@
+import { CreateGranularPermissionDto } from '@dto/granular-permissions.dto';
+import {
+  DEFAULT_GRANULAR_PERMISSIONS_NAME,
+  ResourceType,
+} from '@module/user_resource_permissions/constants/granular-permissions.constant';
+import {
+  GROUP_PERMISSIONS_TYPE,
+  USER_ROLE,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
+import {
+  CreateResourcePermissionObject,
+  ResourcePermissionMetaData,
+} from '@module/user_resource_permissions/interface/granular-permissions.interface';
+import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
+import { AppsGroupPermissions } from 'src/entities/apps_group_permissions.entity';
+import { GranularPermissions } from 'src/entities/granular_permissions.entity';
+import { GroupPermission } from 'src/entities/group_permission.entity';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import { Organization } from 'src/entities/organization.entity';
+import { EntityManager, MigrationInterface, QueryRunner } from 'typeorm';
+
+export class MigrateCustomGroupToNewUserGroup1720434737529 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    const manager = queryRunner.manager;
+    const organizationIds = (
+      await manager.find(Organization, {
+        select: ['id'],
+      })
+    ).map((organization) => organization.id);
+    for (const organizationId of organizationIds) {
+      const groups = await manager
+        .createQueryBuilder(GroupPermission, 'groupPermission')
+        .where('groupPermission.organizationId = :organizationId', {
+          organizationId,
+        })
+        .leftJoinAndSelect('groupPermission.appGroupPermission', 'appGroupPermission')
+        .leftJoinAndSelect('groupPermission.userGroupPermission', 'userGroupPermission')
+        .andWhere('groupPermission.group != :admin', {
+          admin: 'admin',
+        })
+        .getMany();
+
+      for (const groupPermissions of groups) {
+        const query = `
+          INSERT INTO permission_groups (
+            organization_id,
+            name,
+            type,
+            app_create,
+            app_delete,
+            folder_crud,
+            org_constant_crud,
+            data_source_create,
+            data_source_delete
+          ) VALUES (
+            '${organizationId}',
+            '${this.getGroupName(groupPermissions.group)}',
+            '${GROUP_PERMISSIONS_TYPE.CUSTOM_GROUP}',
+            ${groupPermissions.appCreate},
+            ${groupPermissions.appDelete},
+            ${groupPermissions.folderCreate},
+            ${groupPermissions.orgEnvironmentConstantCreate},
+            false,
+            false
+          ) RETURNING *;
+        `;
+        const group: GroupPermissions = (await manager.query(query))[0];
+        const existingGroupUsers = groupPermissions.userGroupPermission;
+        await this.migrateUserGroup(manager, [...new Set(existingGroupUsers.map((record) => record.userId))], group.id);
+        const resources = [ResourceType.APP];
+        for (const resource of resources) {
+          if (resource === ResourceType.APP) {
+            const viewLevelAppsPermissions = groupPermissions.appGroupPermission.filter(
+              (appPermissions) => appPermissions.read
+            );
+            const updateLevelAppsPermissions = groupPermissions.appGroupPermission.filter(
+              (appPermissions) => appPermissions.update
+            );
+            const createResourcePermissionObjView: CreateResourcePermissionObject = {
+              canView: true,
+              canEdit: false,
+              hideFromDashboard: false,
+            };
+            await this.createAppLevelPermissions(
+              manager,
+              viewLevelAppsPermissions,
+              organizationId,
+              resource,
+              group,
+              createResourcePermissionObjView
+            );
+            const createResourcePermissionObjEdit: CreateResourcePermissionObject = {
+              canView: false,
+              canEdit: true,
+              hideFromDashboard: false,
+            };
+            await this.createAppLevelPermissions(
+              manager,
+              updateLevelAppsPermissions,
+              organizationId,
+              resource,
+              group,
+              createResourcePermissionObjEdit
+            );
+          }
+        }
+      }
+    }
+  }
+
+  getGroupName(name: string) {
+    switch (name) {
+      case USER_ROLE.BUILDER:
+        return `custom-${USER_ROLE.BUILDER}`;
+      case USER_ROLE.END_USER:
+        return `custom-${USER_ROLE.END_USER}`;
+      case 'all_users':
+        return `Custom All users`;
+      default:
+        return name;
+    }
+  }
+
+  async createGranularPermission(
+    manager: EntityManager,
+    createObject: CreateGranularPermissionDto
+  ): Promise<GranularPermissions> {
+    const query = `
+        INSERT INTO granular_permissions (
+            group_id,
+            name,
+            type,
+            is_all,
+            
+        ) VALUES (
+            ${createObject.groupId} , ${createObject.name} , ${createObject.type},${createObject.isAll}
+        ) RETURNING *;`;
+    return (await manager.query(query))[0];
+  }
+
+  async createAppsResourcePermission(
+    manager: EntityManager,
+    createMeta: ResourcePermissionMetaData,
+    createObject: CreateResourcePermissionObject
+  ): Promise<AppsGroupPermissions> {
+    const { granularPermissions } = createMeta;
+    const query = `
+    INSERT INTO apps_group_permissions (
+      granular_permission_id,
+      can_edit,
+      can_view,
+      hide_from_dashboard
+    ) VALUES (
+      ${granularPermissions.id},
+      ${createObject.canEdit},
+      ${createObject.canView},
+      ${createObject.hideFromDashboard}
+    ) RETURNING *;
+  `;
+    return (await manager.query(query))[0];
+  }
+
+  async migrateUserGroup(manager: EntityManager, userIds: string[], groupId: string) {
+    if (userIds.length == 0) return;
+    const valuesString = userIds.map((id) => `('${id}', '${groupId}')`).join(',');
+    const query = `
+      INSERT INTO group_users (user_id, group_id)
+      VALUES ${valuesString};
+    `;
+    return await manager.query(query);
+  }
+
+  async addAppsGroupToPermissions(manager: EntityManager, appIds: string[], appPermissionsId: string) {
+    const valuesString = appIds.map((id) => `('${id}', '${appPermissionsId}')`).join(',');
+    const query = `
+    INSERT INTO group_apps (app_id, apps_group_permissions_id)
+    VALUES ${valuesString};
+  `;
+    return await manager.query(query);
+  }
+
+  async createAppLevelPermissions(
+    manager: EntityManager,
+    appsPermissions: AppGroupPermission[],
+    organizationId: string,
+    resource: ResourceType,
+    group: GroupPermissions,
+    createResourcePermissionObj: CreateResourcePermissionObject
+  ) {
+    const nameInit = createResourcePermissionObj.canView ? 'Viewable' : 'Updatable';
+    if (appsPermissions.length === 0) return;
+    const dtoObject = {
+      name: `${nameInit} ${DEFAULT_GRANULAR_PERMISSIONS_NAME[resource]}`,
+      groupId: group.id,
+      type: resource as ResourceType,
+      isAll: false,
+      createAppsPermissionsObject: {},
+    };
+    const granularPermissions = await this.createGranularPermission(manager, dtoObject);
+    const appsGroupPermissions = await this.createAppsResourcePermission(
+      manager,
+      { granularPermissions, organizationId },
+      createResourcePermissionObj
+    );
+    await this.addAppsGroupToPermissions(
+      manager,
+      appsPermissions.map((record) => record.appId),
+      appsGroupPermissions.id
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {}
+}
diff --git a/server/migrations/1720513124281-DropGroupPermissionsOlderRelatedTables.ts b/server/migrations/1720513124281-DropGroupPermissionsOlderRelatedTables.ts
new file mode 100644
index 0000000000..8a47a54d64
--- /dev/null
+++ b/server/migrations/1720513124281-DropGroupPermissionsOlderRelatedTables.ts
@@ -0,0 +1,9 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class DropGroupPermissionsOlderRelatedTables1720513124281 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    queryRunner.query('DROP TABLE group_permissions, user_group_permissions, app_group_permissions CASCADE;');
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {}
+}
diff --git a/server/src/app.module.ts b/server/src/app.module.ts
index 528e7ff241..6b38e22877 100644
--- a/server/src/app.module.ts
+++ b/server/src/app.module.ts
@@ -36,7 +36,6 @@ import { join } from 'path';
 import { LibraryAppModule } from './modules/library_app/library_app.module';
 import { ThreadModule } from './modules/thread/thread.module';
 import { EventsModule } from './events/events.module';
-import { GroupPermissionsModule } from './modules/group_permissions/group_permissions.module';
 import { TooljetDbModule } from './modules/tooljet_db/tooljet_db.module';
 import { PluginsModule } from './modules/plugins/plugins.module';
 import { CopilotModule } from './modules/copilot/copilot.module';
@@ -47,6 +46,8 @@ import { ScheduleModule } from '@nestjs/schedule';
 import { ImportExportResourcesModule } from './modules/import_export_resources/import_export_resources.module';
 import { MailerModule } from '@nestjs-modules/mailer';
 import { HandlebarsAdapter } from '@nestjs-modules/mailer/dist/adapters/handlebars.adapter';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
+import { PermissionsModule } from '@module/permissions/permissions.module';
 
 const imports = [
   ScheduleModule.forRoot(),
@@ -130,7 +131,8 @@ const imports = [
   CaslModule,
   MetaModule,
   LibraryAppModule,
-  GroupPermissionsModule,
+  UserResourcePermissionsModule,
+  PermissionsModule,
   FilesModule,
   PluginsModule,
   EventsModule,
diff --git a/server/src/constants/global.constant.ts b/server/src/constants/global.constant.ts
new file mode 100644
index 0000000000..f2c40a2319
--- /dev/null
+++ b/server/src/constants/global.constant.ts
@@ -0,0 +1,96 @@
+export enum TOOLJET_RESOURCE {
+  APP = 'App',
+  ORGANIZATIONS = 'Organization',
+  USER = 'User',
+  PLUGINS = 'Plugins',
+  GLOBAL_DATA_SOURCE = 'GlobalDataSource',
+  DATA_QUERY = 'DataQueries',
+  THREAD = 'Thread',
+  COMMENT = 'Comment',
+  FOLDER = 'Folder',
+  ORGANIZATION_VARIABLE = 'OrgEnvironmentVariable',
+  ORGANIZATION_CONSTANT = 'OrganizationConstant',
+}
+
+export enum APP_RESOURCE_ACTIONS {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete',
+  READ = 'read',
+  CLONE = 'clone',
+  EXPORT = 'export',
+  IMPORT = 'import',
+  VIEW = 'view',
+  EDIT = 'edit',
+  VERSIONS_CREATE = 'createVersions',
+  VERSION_UPDATE = 'updateVersions',
+  VERSION_DELETE = 'deleteVersions',
+  VERSION_READ = 'readVersions',
+}
+export enum GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS {
+  CREATE = 'create',
+  DELETE = 'delete',
+  READ = 'read',
+  UPDATE = 'update',
+}
+export enum LOCAL_DATA_SOURCE_RESOURCE_ACTIONS {
+  CREATE = 'create',
+  DELETE = 'delete',
+  READ = 'read',
+  UPDATE = 'update',
+}
+export enum DATA_QUERIES_RESOURCE_ACTIONS {
+  CREATE = 'create',
+  DELETE = 'delete',
+  READ = 'read',
+  UPDATE = 'update',
+  RUN = 'run',
+}
+export enum ORGANIZATION_CONSTANT_RESOURCE_ACTIONS {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete',
+}
+export enum ORGANIZATION_VARIABLE_ACTIONS {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete',
+}
+export enum USER_RESOURCE_ACTIONS {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete',
+  READ = 'read',
+}
+export enum ORGANIZATION_RESOURCE_ACTIONS {
+  USER_INVITE = 'inviteUsers',
+  USER_ARCHIVE = 'archiveUser',
+  EDIT_ROLE = 'changeRole',
+  ACCESS_PERMISSIONS = 'accessGroupPermission',
+  UPDATE = 'update',
+  VIEW_ALL_USERS = 'viewAllUsers',
+  UPDATE_USERS = 'updateUser',
+}
+export enum FOLDER_RESOURCE_ACTION {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete',
+}
+export enum COMMENT_RESOURCE_ACTION {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete',
+  READ = 'read',
+}
+export enum THREAD_RESOURCE_ACTION {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete',
+  READ = 'read',
+}
+
+export enum PLUGIN_RESOURCE_ACTION {
+  INSTALL = 'install',
+  UPDATE = 'update',
+  DELETE = 'delete',
+}
diff --git a/server/src/controllers/app.controller.ts b/server/src/controllers/app.controller.ts
index 622b10a60b..654cceb12d 100644
--- a/server/src/controllers/app.controller.ts
+++ b/server/src/controllers/app.controller.ts
@@ -88,6 +88,7 @@ export class AppController {
 
     let app: { organizationId: string; isPublic: boolean };
     if (appId) {
+      //TODO: This function should not be part pf userService
       app = await this.userService.returnOrgIdOfAnApp(appId);
     }
 
diff --git a/server/src/controllers/app_environments.controller.ts b/server/src/controllers/app_environments.controller.ts
index b15a9fc199..297745313b 100644
--- a/server/src/controllers/app_environments.controller.ts
+++ b/server/src/controllers/app_environments.controller.ts
@@ -8,12 +8,14 @@ import { GlobalDataSourceAbilityFactory } from 'src/modules/casl/abilities/globa
 import { DataSource } from 'src/entities/data_source.entity';
 import { OrgEnvironmentVariablesAbilityFactory } from 'src/modules/casl/abilities/org-environment-variables-ability.factory';
 import { OrgEnvironmentVariable } from 'src/entities/org_envirnoment_variable.entity';
+import { AbilityService } from '@services/permissions-ability.service';
 import { AppEnvironmentActionParametersDto } from '@dto/environment_action_parameters.dto';
 
 @Controller('app-environments')
 export class AppEnvironmentsController {
   constructor(
     private appEnvironmentServices: AppEnvironmentService,
+    private service: AbilityService,
     private globalDataSourcesAbilityFactory: GlobalDataSourceAbilityFactory,
     private orgEnvironmentVariablesAbilityFactory: OrgEnvironmentVariablesAbilityFactory
   ) {}
diff --git a/server/src/controllers/app_import_export.controller.ts b/server/src/controllers/app_import_export.controller.ts
index 4865706868..6800b9c21c 100644
--- a/server/src/controllers/app_import_export.controller.ts
+++ b/server/src/controllers/app_import_export.controller.ts
@@ -7,6 +7,7 @@ import { App } from 'src/entities/app.entity';
 import { AppImportExportService } from '@services/app_import_export.service';
 import { User } from 'src/decorators/user.decorator';
 import { AppImportDto } from '@dto/app-import.dto';
+import { APP_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 
 @Controller('apps')
 export class AppsImportExportController {
@@ -21,7 +22,7 @@ export class AppsImportExportController {
   async import(@User() user, @Body() appImportDto: AppImportDto) {
     const ability = await this.appsAbilityFactory.appsActions(user);
 
-    if (!ability.can('createApp', App)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.IMPORT, App)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const { name: appName, app: appContent } = appImportDto;
@@ -35,7 +36,7 @@ export class AppsImportExportController {
     const appToExport = await this.appsService.find(id);
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('cloneApp', appToExport)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.CLONE, appToExport)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
diff --git a/server/src/controllers/apps.controller.ts b/server/src/controllers/apps.controller.ts
index 84b275e3ee..a4a359f7ff 100644
--- a/server/src/controllers/apps.controller.ts
+++ b/server/src/controllers/apps.controller.ts
@@ -31,6 +31,7 @@ import { ValidAppInterceptor } from 'src/interceptors/valid.app.interceptor';
 import { AppDecorator } from 'src/decorators/app.decorator';
 import { AppCloneDto } from '@dto/app-clone.dto';
 import { HttpException, HttpStatus } from '@nestjs/common';
+import { APP_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 
 @Controller('apps')
 export class AppsController {
@@ -47,17 +48,18 @@ export class AppsController {
     const name = appCreateDto.name;
     const icon = appCreateDto.icon;
 
-    if (!ability.can('createApp', App)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.CREATE, App)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
     return await dbTransactionWrap(async (manager: EntityManager) => {
       const app = await this.appsService.create(name, user, manager);
-
+      console.log('okay till here');
       const appUpdateDto = new AppUpdateDto();
       appUpdateDto.name = name;
       appUpdateDto.slug = app.id;
       appUpdateDto.icon = icon;
+
       await this.appsService.update(app.id, appUpdateDto, manager);
 
       return decamelizeKeys(app);
@@ -76,7 +78,7 @@ export class AppsController {
     const app: App = await this.appsService.findAppWithIdOrSlug(appSlug);
 
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
-    if (!ability.can('viewApp', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VIEW, app)) {
       throw new ForbiddenException(
         JSON.stringify({
           organizationId: app.organizationId,
@@ -84,7 +86,7 @@ export class AppsController {
       );
     }
 
-    if (accessType === 'edit' && !ability.can('editApp', app)) {
+    if (accessType === 'edit' && !ability.can(APP_RESOURCE_ACTIONS.EDIT, app)) {
       throw new ForbiddenException(
         JSON.stringify({
           organizationId: app.organizationId,
@@ -99,7 +101,7 @@ export class AppsController {
     };
     /* If the request comes from preview which needs version id */
     if (versionName || versionId) {
-      if (!ability.can('fetchVersions', app)) {
+      if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_READ, app)) {
         throw new ForbiddenException(
           JSON.stringify({
             organizationId: app.organizationId,
@@ -125,7 +127,7 @@ export class AppsController {
   @Get(':id')
   async show(@User() user, @AppDecorator() app: App) {
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
-    if (!ability.can('viewApp', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VIEW, app)) {
       throw new ForbiddenException(
         JSON.stringify({
           organizationId: app.organizationId,
@@ -166,7 +168,7 @@ export class AppsController {
     if (user) {
       const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-      if (!ability.can('viewApp', app)) {
+      if (!ability.can(APP_RESOURCE_ACTIONS.VIEW, app)) {
         throw new ForbiddenException(
           JSON.stringify({
             organizationId: app.organizationId,
@@ -174,7 +176,7 @@ export class AppsController {
         );
       }
 
-      editPermission = ability.can('editApp', app);
+      editPermission = ability.can(APP_RESOURCE_ACTIONS.EDIT, app);
     }
 
     if (!app.currentVersionId) {
@@ -199,7 +201,7 @@ export class AppsController {
     if (user) {
       const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-      if (!ability.can('viewApp', app)) {
+      if (!ability.can(APP_RESOURCE_ACTIONS.VIEW, app)) {
         throw new ForbiddenException(
           JSON.stringify({
             organizationId: app.organizationId,
@@ -230,7 +232,7 @@ export class AppsController {
   async update(@User() user, @AppDecorator() app: App, @Body('app') appUpdateDto: AppUpdateDto) {
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-    if (!ability.can('updateParams', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -247,7 +249,7 @@ export class AppsController {
   async clone(@User() user, @AppDecorator() app: App, @Body() appCloneDto: AppCloneDto) {
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-    if (!ability.can('cloneApp', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.CLONE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const appName = appCloneDto.name;
@@ -283,8 +285,9 @@ export class AppsController {
 
     if (folderId) {
       const folder = await this.foldersService.findOne(folderId);
-      apps = await this.foldersService.getAppsFor(user, folder, page, searchKey);
-      totalFolderCount = await this.foldersService.userAppCount(user, folder, searchKey);
+      const { viewableApps, totalCount } = await this.foldersService.getAppsFor(user, folder, page, searchKey);
+      apps = viewableApps;
+      totalFolderCount = totalCount;
     } else {
       apps = await this.appsService.all(user, page, searchKey);
     }
@@ -329,7 +332,7 @@ export class AppsController {
   async fetchVersions(@User() user, @AppDecorator() app: App) {
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-    if (!ability.can('fetchVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_READ, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -346,7 +349,7 @@ export class AppsController {
   async createVersion(@User() user, @AppDecorator() app: App, @Body() versionCreateDto: VersionCreateDto) {
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-    if (!ability.can('createVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSIONS_CREATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -372,7 +375,7 @@ export class AppsController {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-    if (!ability.can('fetchVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_READ, app)) {
       throw new ForbiddenException(
         JSON.stringify({
           organizationId: app.organizationId,
@@ -400,7 +403,7 @@ export class AppsController {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -420,7 +423,7 @@ export class AppsController {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!version || !ability.can('deleteVersions', app)) {
+    if (!version || !ability.can(APP_RESOURCE_ACTIONS.VERSION_DELETE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -439,7 +442,7 @@ export class AppsController {
   async updateIcon(@User() user, @AppDecorator() app: App, @Body('icon') icon) {
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-    if (!ability.can('updateIcon', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -455,7 +458,7 @@ export class AppsController {
   async tables(@User() user, @AppDecorator() app: App) {
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-    if (!ability.can('cloneApp', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.CLONE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
diff --git a/server/src/controllers/apps.controller.v2.ts b/server/src/controllers/apps.controller.v2.ts
index ddec27d9a1..44e08fd56c 100644
--- a/server/src/controllers/apps.controller.v2.ts
+++ b/server/src/controllers/apps.controller.v2.ts
@@ -32,6 +32,7 @@ import { PageService } from '@services/page.service';
 import { EventsService } from '@services/events_handler.service';
 import { AppVersionUpdateDto } from '@dto/app-version-update.dto';
 import { CreateEventHandlerDto, UpdateEventHandlerDto } from '@dto/event-handler.dto';
+import { APP_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 import { VersionReleaseDto } from '@dto/version-release.dto';
 
 @Controller({
@@ -53,7 +54,7 @@ export class AppsControllerV2 {
   @Get(':id')
   async show(@User() user, @AppDecorator() app: App, @Query('access_type') accessType: string) {
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
-    if (!ability.can('viewApp', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VIEW, app)) {
       throw new ForbiddenException(
         JSON.stringify({
           organizationId: app.organizationId,
@@ -61,7 +62,7 @@ export class AppsControllerV2 {
       );
     }
 
-    if (accessType === 'edit' && !ability.can('editApp', app)) {
+    if (accessType === 'edit' && !ability.can(APP_RESOURCE_ACTIONS.EDIT, app)) {
       throw new ForbiddenException(
         JSON.stringify({
           organizationId: app.organizationId,
@@ -112,7 +113,7 @@ export class AppsControllerV2 {
     if (user) {
       const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-      if (!ability.can('viewApp', app)) {
+      if (!ability.can(APP_RESOURCE_ACTIONS.VIEW, app)) {
         throw new ForbiddenException(
           JSON.stringify({
             organizationId: app.organizationId,
@@ -157,7 +158,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
 
-    if (!ability.can('fetchVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_READ, app)) {
       throw new ForbiddenException(
         JSON.stringify({
           organizationId: app.organizationId,
@@ -203,7 +204,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -227,7 +228,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -252,7 +253,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -276,7 +277,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -300,7 +301,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -324,7 +325,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -349,7 +350,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -364,7 +365,7 @@ export class AppsControllerV2 {
     const app = version.app;
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -383,7 +384,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -402,7 +403,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -424,7 +425,7 @@ export class AppsControllerV2 {
 
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('viewApp', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VIEW, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -452,7 +453,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -475,7 +476,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -496,7 +497,7 @@ export class AppsControllerV2 {
     }
     const ability = await this.appsAbilityFactory.appsActions(user, id);
 
-    if (!ability.can('updateVersions', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -513,7 +514,7 @@ export class AppsControllerV2 {
     @Body() versionReleaseDto: VersionReleaseDto
   ) {
     const ability = await this.appsAbilityFactory.appsActions(user, app.id);
-    if (!ability.can('updateParams', app)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.UPDATE, app)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     return await this.appsService.releaseVersion(app.id, versionReleaseDto);
diff --git a/server/src/controllers/comment.controller.ts b/server/src/controllers/comment.controller.ts
index 218049d1a3..5bdbffee33 100644
--- a/server/src/controllers/comment.controller.ts
+++ b/server/src/controllers/comment.controller.ts
@@ -17,6 +17,7 @@ import { Thread } from '../entities/thread.entity';
 import { JwtAuthGuard } from '../../src/modules/auth/jwt-auth.guard';
 import { CommentsAbilityFactory } from 'src/modules/casl/abilities/comments-ability.factory';
 import { User } from 'src/decorators/user.decorator';
+import { COMMENT_RESOURCE_ACTION } from 'src/constants/global.constant';
 
 @Controller('comments')
 export class CommentController {
@@ -30,7 +31,7 @@ export class CommentController {
     });
     const ability = await this.commentsAbilityFactory.appsActions(user, { id: _response.appId });
 
-    if (!ability.can('createComment', Comment)) {
+    if (!ability.can(COMMENT_RESOURCE_ACTION.CREATE, Comment)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -46,7 +47,7 @@ export class CommentController {
     });
     const ability = await this.commentsAbilityFactory.appsActions(user, { id: _response.appId });
 
-    if (!ability.can('fetchComments', Comment)) {
+    if (!ability.can(COMMENT_RESOURCE_ACTION.READ, Comment)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -59,7 +60,7 @@ export class CommentController {
   public async getNotifications(@User() user, @Param('appId') appId: string, @Query() query): Promise<Comment[]> {
     const ability = await this.commentsAbilityFactory.appsActions(user, { id: appId });
 
-    if (!ability.can('fetchComments', Comment)) {
+    if (!ability.can(COMMENT_RESOURCE_ACTION.READ, Comment)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const comments = await this.commentService.getNotifications(
@@ -92,7 +93,7 @@ export class CommentController {
     });
     const ability = await this.commentsAbilityFactory.appsActions(user, { id: _response.thread.appId });
 
-    if (!ability.can('updateComment', Comment)) {
+    if (!ability.can(COMMENT_RESOURCE_ACTION.UPDATE, Comment)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const comment = await this.commentService.editComment(commentId, updateCommentDto);
@@ -108,7 +109,7 @@ export class CommentController {
     });
     const ability = await this.commentsAbilityFactory.appsActions(user, { id: _response.thread.appId });
 
-    if (!ability.can('deleteComment', Comment)) {
+    if (!ability.can(COMMENT_RESOURCE_ACTION.DELETE, Comment)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const deletedComment = await this.commentService.deleteComment(commentId);
diff --git a/server/src/controllers/folders.controller.ts b/server/src/controllers/folders.controller.ts
index 20d78a3780..b2ad7a0877 100644
--- a/server/src/controllers/folders.controller.ts
+++ b/server/src/controllers/folders.controller.ts
@@ -7,6 +7,7 @@ import { FoldersAbilityFactory } from 'src/modules/casl/abilities/folders-abilit
 import { Folder } from 'src/entities/folder.entity';
 import { CreateFolderDto } from '@dto/create-folder.dto';
 import { User } from 'src/decorators/user.decorator';
+import { FOLDER_RESOURCE_ACTION } from 'src/constants/global.constant';
 
 @Controller('folders')
 export class FoldersController {
@@ -22,9 +23,9 @@ export class FoldersController {
   @UseGuards(JwtAuthGuard)
   @Post()
   async create(@Request() req, @Body() createFolderDto: CreateFolderDto) {
-    const ability = await this.foldersAbilityFactory.folderActions(req.user, {});
+    const ability = await this.foldersAbilityFactory.folderActions(req.user);
 
-    if (!ability.can('createFolder', Folder)) {
+    if (!ability.can(FOLDER_RESOURCE_ACTION.CREATE, Folder)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const folder = await this.foldersService.create(req.user, createFolderDto.name);
@@ -34,9 +35,9 @@ export class FoldersController {
   @UseGuards(JwtAuthGuard)
   @Put(':id')
   async update(@User() user, @Param('id') id, @Body() createFolderDto: CreateFolderDto) {
-    const ability = await this.foldersAbilityFactory.folderActions(user, {});
+    const ability = await this.foldersAbilityFactory.folderActions(user);
 
-    if (!ability.can('updateFolder', Folder)) {
+    if (!ability.can(FOLDER_RESOURCE_ACTION.UPDATE, Folder)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -47,9 +48,9 @@ export class FoldersController {
   @UseGuards(JwtAuthGuard)
   @Delete(':id')
   async delete(@User() user, @Param('id') id) {
-    const ability = await this.foldersAbilityFactory.folderActions(user, {});
+    const ability = await this.foldersAbilityFactory.folderActions(user);
 
-    if (!ability.can('deleteFolder', Folder)) {
+    if (!ability.can(FOLDER_RESOURCE_ACTION.DELETE, Folder)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
diff --git a/server/src/controllers/global_data_sources.controller.ts b/server/src/controllers/global_data_sources.controller.ts
index 09375d2826..614584f388 100644
--- a/server/src/controllers/global_data_sources.controller.ts
+++ b/server/src/controllers/global_data_sources.controller.ts
@@ -21,6 +21,7 @@ import { User } from 'src/decorators/user.decorator';
 import { DataSource } from 'src/entities/data_source.entity';
 import { DataSourceScopes } from 'src/helpers/data_source.constants';
 import { getServiceAndRpcNames } from '../helpers/utils.helper';
+import { GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 
 @Controller({
   path: 'data_sources',
@@ -81,7 +82,7 @@ export class GlobalDataSourcesController {
 
     const ability = await this.globalDataSourceAbilityFactory.globalDataSourceActions(user);
 
-    if (!ability.can('createGlobalDataSource', DataSource)) {
+    if (!ability.can(GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.CREATE, DataSource)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -118,7 +119,7 @@ export class GlobalDataSourcesController {
   ) {
     const ability = await this.globalDataSourceAbilityFactory.globalDataSourceActions(user);
 
-    if (!ability.can('updateGlobalDataSource', DataSource)) {
+    if (!ability.can(GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.UPDATE, DataSource)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -133,7 +134,7 @@ export class GlobalDataSourcesController {
   async delete(@User() user, @Param('id') dataSourceId) {
     const ability = await this.globalDataSourceAbilityFactory.globalDataSourceActions(user);
 
-    if (!ability.can('deleteGlobalDataSource', DataSource)) {
+    if (!ability.can(GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.DELETE, DataSource)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const result = await this.dataSourcesService.delete(dataSourceId);
@@ -149,7 +150,7 @@ export class GlobalDataSourcesController {
   async convertToGlobal(@User() user, @Param('id') dataSourceId) {
     const ability = await this.globalDataSourceAbilityFactory.globalDataSourceActions(user);
 
-    if (!ability.can('updateGlobalDataSource', DataSource)) {
+    if (!ability.can(GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.UPDATE, DataSource)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     await this.dataSourcesService.convertToGlobalSource(dataSourceId, user.organizationId);
diff --git a/server/src/controllers/group_permissions.controller.ts b/server/src/controllers/group_permissions.controller.ts
deleted file mode 100644
index f9ad29ef15..0000000000
--- a/server/src/controllers/group_permissions.controller.ts
+++ /dev/null
@@ -1,118 +0,0 @@
-import { Controller, Body, Post, Get, Put, Delete, UseGuards, Param, Query } from '@nestjs/common';
-import { decamelizeKeys } from 'humps';
-import { JwtAuthGuard } from '../../src/modules/auth/jwt-auth.guard';
-import { GroupPermissionsService } from '../services/group_permissions.service';
-import { PoliciesGuard } from 'src/modules/casl/policies.guard';
-import { CheckPolicies } from 'src/modules/casl/check_policies.decorator';
-import { AppAbility } from 'src/modules/casl/casl-ability.factory';
-import { User } from 'src/decorators/user.decorator';
-import { User as UserEntity } from 'src/entities/user.entity';
-import { CreateGroupPermissionDto, UpdateGroupPermissionDto, DuplucateGroupDto } from '@dto/group-permission.dto';
-
-@Controller('group_permissions')
-export class GroupPermissionsController {
-  constructor(private groupPermissionsService: GroupPermissionsService) {}
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Post()
-  async create(@User() user, @Body() createGroupPermissionDto: CreateGroupPermissionDto) {
-    await this.groupPermissionsService.create(user, createGroupPermissionDto.group);
-    return;
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Post(':id/duplicate')
-  async duplicate(@User() user, @Param('id') id: string, @Body() body: DuplucateGroupDto) {
-    const duplicateGroup = await this.groupPermissionsService.duplicateGroup(user, id, body);
-    return duplicateGroup;
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Get(':id')
-  async show(@User() user, @Param('id') id: string) {
-    const groupPermission = await this.groupPermissionsService.findOne(user, id);
-
-    return decamelizeKeys(groupPermission);
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Put(':id/app_group_permissions/:appGroupPermissionId')
-  async updateAppGroupPermission(
-    @Body() updateGroupPermissionDto: UpdateGroupPermissionDto,
-    @User() user,
-    @Param('id') id: string,
-    @Param('appGroupPermissionId') appGroupPermissionId: string
-  ) {
-    await this.groupPermissionsService.updateAppGroupPermission(
-      user,
-      id,
-      appGroupPermissionId,
-      updateGroupPermissionDto.actions
-    );
-    return;
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Put(':id')
-  async update(@User() user, @Param('id') id, @Body() body) {
-    await this.groupPermissionsService.update(user, id, body);
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Get()
-  async index(@User() user) {
-    const groupPermissions = await this.groupPermissionsService.findAll(user);
-
-    return decamelizeKeys({ groupPermissions });
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Delete(':id')
-  async destroy(@User() user, @Param('id') id) {
-    await this.groupPermissionsService.destroy(user, id);
-    return;
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Get(':id/apps')
-  async apps(@User() user, @Param('id') id) {
-    const apps = await this.groupPermissionsService.findApps(user, id);
-
-    return decamelizeKeys({ apps });
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Get(':id/addable_apps')
-  async addableApps(@User() user, @Param('id') id) {
-    const apps = await this.groupPermissionsService.findAddableApps(user, id);
-
-    return decamelizeKeys({ apps });
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Get(':id/users')
-  async users(@User() user, @Param('id') id) {
-    const users = await this.groupPermissionsService.findUsers(user, id);
-
-    return decamelizeKeys({ users });
-  }
-
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
-  @Get(':id/addable_users')
-  async addableUsers(@User() user, @Param('id') id, @Query('input') searchInput: string) {
-    const users = await this.groupPermissionsService.findAddableUsers(user, id, searchInput.trim());
-
-    return decamelizeKeys({ users });
-  }
-}
diff --git a/server/src/controllers/group_permissions.controller.v2.ts b/server/src/controllers/group_permissions.controller.v2.ts
new file mode 100644
index 0000000000..60b9117901
--- /dev/null
+++ b/server/src/controllers/group_permissions.controller.v2.ts
@@ -0,0 +1,214 @@
+import { CreateGranularPermissionDto, UpdateGranularPermissionDto } from '@dto/granular-permissions.dto';
+import {
+  AddGroupUserDto,
+  CreateGroupPermissionDto,
+  EditUserRoleDto,
+  UpdateGroupPermissionDto,
+} from '@dto/group_permissions.dto';
+import { User as UserEntity } from 'src/entities/user.entity';
+import { JwtAuthGuard } from '@module/auth/jwt-auth.guard';
+import { AppAbility } from '@module/casl/casl-ability.factory';
+import { CheckPolicies } from '@module/casl/check_policies.decorator';
+import { PoliciesGuard } from '@module/casl/policies.guard';
+import { GroupPermissionsUtilityService } from '@module/user_resource_permissions/services/group-permissions.utility.service';
+import {
+  validateGranularPermissionCreateOperation,
+  validateGranularPermissionUpdateOperation,
+} from '@module/user_resource_permissions/utility/granular-permissios.utility';
+import {
+  validateCreateGroupOperation,
+  validateDeleteGroupUserOperation,
+} from '@module/user_resource_permissions/utility/group-permissions.utility';
+import { Body, Controller, Delete, Get, Param, Post, Put, Query, UseGuards } from '@nestjs/common';
+import { GranularPermissionsService } from '@services/granular_permissions.service';
+import { GroupPermissionsServiceV2 } from '@services/group_permissions.service.v2';
+import { UserRoleService } from '@services/user-role.service';
+import { ORGANIZATION_RESOURCE_ACTIONS } from 'src/constants/global.constant';
+import { User } from 'src/decorators/user.decorator';
+import { GranularPermissions } from 'src/entities/granular_permissions.entity';
+import { DuplucateGroupDto } from '@dto/group-permission.dto';
+
+@Controller({
+  path: 'group_permissions',
+  version: '2',
+})
+export class GroupPermissionsControllerV2 {
+  constructor(
+    private groupPermissionsService: GroupPermissionsServiceV2,
+    private userRoleService: UserRoleService,
+    private granularPermissionsService: GranularPermissionsService,
+    private groupPermissionUtilityService: GroupPermissionsUtilityService
+  ) {}
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Post()
+  async create(@User() user, @Body() createGroupPermissionDto: CreateGroupPermissionDto) {
+    /* 
+    License Validation check - 
+      1. CE - Anyone can create custom groups
+      2. EE/Cloud - Basic Plan - Cant create custom group
+            - Paid Plan - Can create custom group
+    */
+    validateCreateGroupOperation(createGroupPermissionDto);
+    const { organizationId } = user;
+    return await this.groupPermissionsService.create(organizationId, createGroupPermissionDto);
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Get(':id')
+  async get(@User() user, @Param('id') id: string) {
+    return await this.groupPermissionsService.getGroup(id);
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Get()
+  async getAll(@User() user) {
+    const { organizationId } = user;
+    return await this.groupPermissionsService.getAllGroup(organizationId);
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Put(':id')
+  async update(@User() user, @Param('id') id: string, @Body() updateGroupDto: UpdateGroupPermissionDto) {
+    /* 
+    License Validation check - 
+      1. CE - Anyone can create update custom groups but no'one can update defaul group
+      2. EE/Cloud - Basic Plan - No'one can update custom and default group
+            - Paid Plan - Can update only custom and default -builder custom group
+    */
+    return await this.groupPermissionsService.updateGroup(id, updateGroupDto);
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Delete(':id')
+  async delete(@User() user, @Param('id') id: string) {
+    return await this.groupPermissionsService.deleteGroup(id);
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Post(':id/duplicate')
+  async duplicateGroup(@User() user, @Param('id') groupId: string, @Body() duplicateGroupDto: DuplucateGroupDto) {
+    return await this.groupPermissionsService.duplicateGroup(groupId, duplicateGroupDto);
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Post('group-user')
+  async createGroupUsers(@User() user, @Body() addGroupUserDto: AddGroupUserDto) {
+    const { organizationId } = user;
+    return await this.groupPermissionsService.addGroupUsers(addGroupUserDto, organizationId);
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Get(':groupId/group-user')
+  async getAllGroupUser(@User() user, @Param('groupId') groupId: string, @Query('input') searchInput: string) {
+    return await this.groupPermissionsService.getAllGroupUsers(
+      { groupId, organizationId: user.organizationId },
+      searchInput
+    );
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Delete('group-user/:id')
+  async deleteGroupUser(@User() user, @Param('id') id: string) {
+    const groupUser = await this.groupPermissionsService.getGroupUser(id);
+    validateDeleteGroupUserOperation(groupUser?.group);
+    return await this.groupPermissionsService.deleteGroupUser(id);
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Get(':groupId/group-user/addable-users')
+  async getAddableGroupUser(@User() user, @Param('groupId') groupId: string, @Query('input') searchInput: string) {
+    return await this.groupPermissionUtilityService.getAddableUser(user, groupId, searchInput.trim());
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Get('granular-permissions/addable-apps')
+  async getAddableApps(@User() user) {
+    return await this.groupPermissionUtilityService.getAddableApps(user);
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Put('user-role/edit')
+  async updateUserRole(@User() user, @Body() editRoleDto: EditUserRoleDto) {
+    /* 
+
+     What are license thing for this
+    License Validation check - 
+      1. CE - Anyone can create update custom groups but no'one can update defaul group
+      2. EE/Cloud - Basic Plan - No'one can update custom and default group
+            - Paid Plan - Can update only custom and default -builder custom group
+    */
+    const { organizationId } = user;
+    return await this.userRoleService.editDefaultGroupUserRole(editRoleDto, organizationId);
+  }
+
+  //Should be not be part of current CE
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Post('granular-permissions')
+  async createGranularPermissions(@User() user, @Body() createGranularPermissionsDto: CreateGranularPermissionDto) {
+    //Check for license validation first here
+    // What are license validation for this
+    const { groupId, createAppsPermissionsObject } = createGranularPermissionsDto;
+    const { group } = await this.groupPermissionsService.getGroup(groupId);
+    validateGranularPermissionCreateOperation(group);
+    return await this.granularPermissionsService.create(
+      {
+        createGranularPermissionDto: createGranularPermissionsDto,
+        organizationId: user.organizationId,
+      },
+      createAppsPermissionsObject
+    );
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Get(':groupId/granular-permissions')
+  async getAllGranularPermissions(@User() user, @Param('groupId') groupId: string): Promise<GranularPermissions[]> {
+    const granularPermissions: GranularPermissions[] = await this.granularPermissionsService.getAll({
+      groupId: groupId,
+    });
+    return granularPermissions;
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Put('granular-permissions/update/:id')
+  async updateGranularPermissions(
+    @User() user,
+    @Param('id') granularPermissionsId: string,
+    @Body() updateGranularPermissionDto: UpdateGranularPermissionDto
+  ) {
+    //Check for license validation first here
+    // What are license validation for this
+    // const { groupId } = createGranularPermissionsDto;
+
+    const granularPermissions = await this.granularPermissionsService.get(granularPermissionsId);
+    const group = granularPermissions.group;
+    validateGranularPermissionUpdateOperation(group);
+    return await this.granularPermissionsService.update(granularPermissionsId, {
+      group: group,
+      organizationId: group.organizationId,
+      updateGranularPermissionDto,
+    });
+  }
+
+  @UseGuards(JwtAuthGuard, PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
+  @Delete('granular-permissions/:id')
+  async deleteGranularPermissions(@User() user, @Param('id') granularPermissionsId: string): Promise<void> {
+    await this.granularPermissionsService.delete(granularPermissionsId);
+  }
+}
diff --git a/server/src/controllers/import_export_resources.controller.ts b/server/src/controllers/import_export_resources.controller.ts
index a5b14b32da..2176f24852 100644
--- a/server/src/controllers/import_export_resources.controller.ts
+++ b/server/src/controllers/import_export_resources.controller.ts
@@ -9,6 +9,7 @@ import { AppsAbilityFactory } from 'src/modules/casl/abilities/apps-ability.fact
 import { CloneResourcesDto } from '@dto/clone-resources.dto';
 import { checkVersionCompatibility } from 'src/helpers/utils.helper';
 import { APP_ERROR_TYPE } from 'src/helpers/error_type.constant';
+import { APP_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 
 @Controller({
   path: 'resources',
@@ -25,7 +26,7 @@ export class ImportExportResourcesController {
   async export(@User() user, @Body() exportResourcesDto: ExportResourcesDto) {
     const ability = await this.appsAbilityFactory.appsActions(user);
 
-    if (!ability.can('createApp', App)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.EXPORT, App)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const result = await this.importExportResourcesService.export(user, exportResourcesDto);
@@ -40,7 +41,7 @@ export class ImportExportResourcesController {
   async import(@User() user, @Body() importResourcesDto: ImportResourcesDto) {
     const ability = await this.appsAbilityFactory.appsActions(user);
 
-    if (!ability.can('importApp', App)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.IMPORT, App)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const isNotCompatibleVersion = !checkVersionCompatibility(importResourcesDto.tooljet_version);
@@ -56,7 +57,7 @@ export class ImportExportResourcesController {
   async clone(@User() user, @Body() cloneResourcesDto: CloneResourcesDto) {
     const ability = await this.appsAbilityFactory.appsActions(user, cloneResourcesDto?.app?.[0]?.id);
 
-    if (!ability.can('cloneApp', App)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.CLONE, App)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
diff --git a/server/src/controllers/library_apps.controller.ts b/server/src/controllers/library_apps.controller.ts
index 7c54c08d0a..d996b84483 100644
--- a/server/src/controllers/library_apps.controller.ts
+++ b/server/src/controllers/library_apps.controller.ts
@@ -5,6 +5,7 @@ import { App } from 'src/entities/app.entity';
 import { AppsAbilityFactory } from 'src/modules/casl/abilities/apps-ability.factory';
 import { JwtAuthGuard } from '../../src/modules/auth/jwt-auth.guard';
 import { TemplateAppManifests } from '../../templates';
+import { APP_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 
 @Controller('library_apps')
 export class LibraryAppsController {
@@ -18,7 +19,7 @@ export class LibraryAppsController {
   async create(@User() user, @Body('identifier') identifier, @Body('appName') appName) {
     const ability = await this.appsAbilityFactory.appsActions(user);
 
-    if (!ability.can('createApp', App)) {
+    if (!ability.can(APP_RESOURCE_ACTIONS.CREATE, App)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const newApp = await this.libraryAppCreationService.perform(user, identifier, appName);
diff --git a/server/src/controllers/organization_users.controller.ts b/server/src/controllers/organization_users.controller.ts
index 5bad4df1cf..42f0da05ea 100644
--- a/server/src/controllers/organization_users.controller.ts
+++ b/server/src/controllers/organization_users.controller.ts
@@ -12,7 +12,6 @@ import {
 } from '@nestjs/common';
 import { Response, Express } from 'express';
 import { OrganizationUsersService } from 'src/services/organization_users.service';
-import { decamelizeKeys } from 'humps';
 import { JwtAuthGuard } from '../../src/modules/auth/jwt-auth.guard';
 import { AppAbility } from 'src/modules/casl/casl-ability.factory';
 import { PoliciesGuard } from 'src/modules/casl/policies.guard';
@@ -22,6 +21,7 @@ import { User } from 'src/decorators/user.decorator';
 import { InviteNewUserDto } from '../dto/invite-new-user.dto';
 import { OrganizationsService } from '@services/organizations.service';
 import { FileInterceptor } from '@nestjs/platform-express';
+import { ORGANIZATION_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 
 const MAX_CSV_FILE_SIZE = 1024 * 1024 * 1; // 1MB
 @Controller('organization_users')
@@ -33,7 +33,7 @@ export class OrganizationUsersController {
 
   // Endpoint for inviting new organization users
   @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('inviteUser', UserEntity))
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.USER_INVITE, UserEntity))
   @Post()
   async create(@User() user, @Body() inviteNewUserDto: InviteNewUserDto) {
     await this.organizationsService.inviteNewUser(user, inviteNewUserDto);
@@ -41,7 +41,7 @@ export class OrganizationUsersController {
   }
 
   @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('inviteUser', UserEntity))
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.USER_INVITE, UserEntity))
   @UseInterceptors(FileInterceptor('file'))
   @Post('upload_csv')
   async bulkUploadUsers(@User() user, @UploadedFile() file: Express.Multer.File, @Res() res: Response) {
@@ -53,7 +53,7 @@ export class OrganizationUsersController {
   }
 
   @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('archiveUser', UserEntity))
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.USER_ARCHIVE, UserEntity))
   @Post(':id/archive')
   async archive(@User() user, @Param('id') id: string) {
     await this.organizationUsersService.archive(id, user.organizationId);
@@ -61,7 +61,7 @@ export class OrganizationUsersController {
   }
 
   @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('updateUser', UserEntity))
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.UPDATE_USERS, UserEntity))
   @Put(':id')
   async updateUser(@Param('id') id: string, @Body() updateUserDto) {
     await this.organizationUsersService.updateOrgUser(id, updateUserDto);
@@ -69,19 +69,10 @@ export class OrganizationUsersController {
   }
 
   @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('archiveUser', UserEntity))
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.USER_ARCHIVE, UserEntity))
   @Post(':id/unarchive')
   async unarchive(@User() user, @Param('id') id: string) {
     await this.organizationUsersService.unarchive(user, id);
     return;
   }
-
-  // Deprecated
-  @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('changeRole', UserEntity))
-  @Post(':id/change_role')
-  async changeRole(@Param('id') id, @Body('role') role) {
-    const result = await this.organizationUsersService.changeRole(id, role);
-    return decamelizeKeys({ result });
-  }
 }
diff --git a/server/src/controllers/organizations.controller.ts b/server/src/controllers/organizations.controller.ts
index 82342a5de8..e8a754697a 100644
--- a/server/src/controllers/organizations.controller.ts
+++ b/server/src/controllers/organizations.controller.ts
@@ -10,13 +10,14 @@ import { PoliciesGuard } from 'src/modules/casl/policies.guard';
 import { User as UserEntity } from 'src/entities/user.entity';
 import { OrganizationCreateDto, OrganizationUpdateDto } from '@dto/organization.dto';
 import { Response } from 'express';
+import { ORGANIZATION_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 
 @Controller('organizations')
 export class OrganizationsController {
   constructor(private organizationsService: OrganizationsService, private authService: AuthService) {}
 
   @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('viewAllUsers', UserEntity))
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.VIEW_ALL_USERS, UserEntity))
   @Get('users')
   async getUsers(@User() user, @Query() query) {
     const { page, searchText, status } = query;
@@ -93,7 +94,7 @@ export class OrganizationsController {
   }
 
   @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('updateOrganizations', UserEntity))
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.UPDATE, UserEntity))
   @Get('/configs')
   async getConfigs(@User() user) {
     const result = await this.organizationsService.fetchOrganizationDetails(user.organizationId);
@@ -104,7 +105,7 @@ export class OrganizationsController {
   }
 
   @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('updateOrganizations', UserEntity))
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.UPDATE, UserEntity))
   @Patch()
   async update(@Body() organizationUpdateDto: OrganizationUpdateDto, @User() user) {
     await this.organizationsService.updateOrganization(user.organizationId, organizationUpdateDto);
@@ -112,7 +113,7 @@ export class OrganizationsController {
   }
 
   @UseGuards(JwtAuthGuard, PoliciesGuard)
-  @CheckPolicies((ability: AppAbility) => ability.can('updateOrganizations', UserEntity))
+  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.UPDATE, UserEntity))
   @Patch('/configs')
   async updateConfigs(@Body() body, @User() user) {
     const result: any = await this.organizationsService.updateOrganizationConfigs(user.organizationId, body);
diff --git a/server/src/controllers/plugins.controller.ts b/server/src/controllers/plugins.controller.ts
index 2d1ab19b7b..bdf9cab4db 100644
--- a/server/src/controllers/plugins.controller.ts
+++ b/server/src/controllers/plugins.controller.ts
@@ -20,6 +20,7 @@ import { PluginsAbilityFactory } from 'src/modules/casl/abilities/plugins-abilit
 import { JwtAuthGuard } from 'src/modules/auth/jwt-auth.guard';
 import { User } from 'src/decorators/user.decorator';
 import { IsPluginApiEnabledGuard } from 'src/modules/casl/plugins.guard';
+import { PLUGIN_RESOURCE_ACTION } from 'src/constants/global.constant';
 
 @Controller('plugins')
 @UseInterceptors(ClassSerializerInterceptor)
@@ -32,7 +33,7 @@ export class PluginsController {
   async install(@User() user, @Body() createPluginDto: CreatePluginDto) {
     const ability = await this.pluginsAbilityFactory.pluginActions(user);
 
-    if (!ability.can('installPlugin', Plugin)) {
+    if (!ability.can(PLUGIN_RESOURCE_ACTION.INSTALL, Plugin)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -60,7 +61,7 @@ export class PluginsController {
   async update(@User() user, @Param('id') id: string, @Body() updatePluginDto: UpdatePluginDto) {
     const ability = await this.pluginsAbilityFactory.pluginActions(user);
 
-    if (!ability.can('updatePlugin', Plugin)) {
+    if (!ability.can(PLUGIN_RESOURCE_ACTION.UPDATE, Plugin)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
@@ -72,7 +73,7 @@ export class PluginsController {
   async remove(@User() user, @Param('id') id: string) {
     const ability = await this.pluginsAbilityFactory.pluginActions(user);
 
-    if (!ability.can('deletePlugin', Plugin)) {
+    if (!ability.can(PLUGIN_RESOURCE_ACTION.DELETE, Plugin)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
 
diff --git a/server/src/controllers/thread.controller.ts b/server/src/controllers/thread.controller.ts
index 2d2a33c0e4..c710b19a12 100644
--- a/server/src/controllers/thread.controller.ts
+++ b/server/src/controllers/thread.controller.ts
@@ -16,6 +16,7 @@ import { Thread } from '../entities/thread.entity';
 import { JwtAuthGuard } from '../modules/auth/jwt-auth.guard';
 import { ThreadsAbilityFactory } from 'src/modules/casl/abilities/threads-ability.factory';
 import { User } from 'src/decorators/user.decorator';
+import { THREAD_RESOURCE_ACTION } from 'src/constants/global.constant';
 
 @Controller('threads')
 export class ThreadController {
@@ -26,7 +27,7 @@ export class ThreadController {
   public async createThread(@User() user, @Body() createThreadDto: CreateThreadDto): Promise<Thread> {
     const ability = await this.threadsAbilityFactory.appsActions(user, createThreadDto.appId);
 
-    if (!ability.can('createThread', Thread)) {
+    if (!ability.can(THREAD_RESOURCE_ACTION.CREATE, Thread)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const thread = await this.threadService.createThread(createThreadDto, user.id, user.organizationId);
@@ -38,7 +39,7 @@ export class ThreadController {
   public async getThreads(@User() user, @Param('appId') appId: string, @Query() query): Promise<Thread[]> {
     const ability = await this.threadsAbilityFactory.appsActions(user, appId);
 
-    if (!ability.can('fetchThreads', Thread)) {
+    if (!ability.can(THREAD_RESOURCE_ACTION.READ, Thread)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const threads = await this.threadService.getThreads(appId, user.organizationId, query.appVersionsId);
@@ -54,7 +55,7 @@ export class ThreadController {
 
     const ability = await this.threadsAbilityFactory.appsActions(user, _response.appId);
 
-    if (!ability.can('fetchThreads', Thread)) {
+    if (!ability.can(THREAD_RESOURCE_ACTION.READ, Thread)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const thread = await this.threadService.getThread(threadId);
@@ -74,7 +75,7 @@ export class ThreadController {
 
     const ability = await this.threadsAbilityFactory.appsActions(user, _response.appId);
 
-    if (!ability.can('updateThread', Thread)) {
+    if (!ability.can(THREAD_RESOURCE_ACTION.UPDATE, Thread)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const thread = await this.threadService.editThread(threadId, updateThreadDto);
@@ -90,7 +91,7 @@ export class ThreadController {
 
     const ability = await this.threadsAbilityFactory.appsActions(user, _response.appId);
 
-    if (!ability.can('deleteThread', Thread)) {
+    if (!ability.can(THREAD_RESOURCE_ACTION.DELETE, Thread)) {
       throw new ForbiddenException('You do not have permissions to perform this action');
     }
     const deletedThread = await this.threadService.deleteThread(threadId);
diff --git a/server/src/dto/granular-permissions.dto.ts b/server/src/dto/granular-permissions.dto.ts
new file mode 100644
index 0000000000..33e94ca1b2
--- /dev/null
+++ b/server/src/dto/granular-permissions.dto.ts
@@ -0,0 +1,58 @@
+import { Transform } from 'class-transformer';
+import { IsString, IsNotEmpty, IsBoolean, IsOptional, IsEnum } from 'class-validator';
+import { ResourceType } from '@module/user_resource_permissions/constants/granular-permissions.constant';
+import {
+  ResourceGroupActions,
+  GranularPermissionAddResourceItems,
+  GranularPermissionDeleteResourceItems,
+  CreateAppsPermissionsObject,
+} from '@module/user_resource_permissions/interface/granular-permissions.interface';
+
+export class CreateGranularPermissionDto {
+  @IsString()
+  @Transform(({ value }) => value.trim())
+  @IsNotEmpty()
+  name: string;
+
+  @IsString()
+  @IsNotEmpty()
+  groupId: string;
+
+  @IsBoolean()
+  @IsNotEmpty()
+  isAll: boolean;
+
+  @IsEnum(ResourceType)
+  @IsNotEmpty()
+  type: ResourceType;
+
+  @IsOptional()
+  createAppsPermissionsObject: CreateAppsPermissionsObject;
+
+  // @IsBoolean()
+  // @IsOptional()
+  // allowRoleChange: boolean;
+}
+
+export class UpdateGranularPermissionDto {
+  @IsString()
+  @IsOptional()
+  name: string;
+
+  @IsBoolean()
+  @IsOptional()
+  isAll: boolean;
+
+  @IsOptional()
+  actions: ResourceGroupActions;
+
+  @IsOptional()
+  resourcesToAdd: GranularPermissionAddResourceItems;
+
+  @IsOptional()
+  resourcesToDelete: GranularPermissionDeleteResourceItems;
+
+  @IsBoolean()
+  @IsOptional()
+  allowRoleChange: boolean;
+}
diff --git a/server/src/dto/group_permissions.dto.ts b/server/src/dto/group_permissions.dto.ts
new file mode 100644
index 0000000000..c9f16c5857
--- /dev/null
+++ b/server/src/dto/group_permissions.dto.ts
@@ -0,0 +1,81 @@
+import { USER_ROLE } from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { Transform } from 'class-transformer';
+import { IsString, IsNotEmpty, IsBoolean, IsOptional, IsEnum, IsArray } from 'class-validator';
+
+export class CreateGroupPermissionDto {
+  @IsString()
+  @Transform(({ value }) => value.trim())
+  @IsNotEmpty()
+  name: string;
+}
+
+export class UpdateGroupPermissionDto {
+  @IsString()
+  @Transform(({ value }) => value.trim())
+  @IsOptional()
+  name: string;
+
+  @IsBoolean()
+  @IsOptional()
+  appCreate: boolean;
+
+  @IsBoolean()
+  @IsOptional()
+  appDelete: boolean;
+
+  @IsBoolean()
+  @IsOptional()
+  folderCRUD: boolean;
+
+  @IsBoolean()
+  @IsOptional()
+  orgConstantCRUD: boolean;
+
+  @IsBoolean()
+  @IsOptional()
+  dataSourceCreate: boolean;
+
+  @IsBoolean()
+  @IsOptional()
+  dataSourceDelete: boolean;
+
+  @IsBoolean()
+  @IsOptional()
+  allowRoleChange: boolean;
+}
+
+export class EditUserRoleDto {
+  @IsEnum(USER_ROLE)
+  @IsNotEmpty()
+  newRole: USER_ROLE;
+
+  @IsString()
+  @IsNotEmpty()
+  userId: string;
+}
+
+export class AddGroupUserDto {
+  @IsNotEmpty()
+  @IsArray()
+  @IsString({ each: true })
+  userIds: string[];
+
+  @IsString()
+  @IsNotEmpty()
+  groupId: string;
+
+  @IsBoolean()
+  @IsOptional()
+  allowRoleChange: boolean;
+}
+
+export class DuplicateGroupDto {
+  @IsBoolean()
+  addPermission: boolean;
+
+  @IsBoolean()
+  addApps: boolean;
+
+  @IsBoolean()
+  addUsers: boolean;
+}
diff --git a/server/src/dto/invite-new-user.dto.ts b/server/src/dto/invite-new-user.dto.ts
index 57577f508a..c2bf4705af 100644
--- a/server/src/dto/invite-new-user.dto.ts
+++ b/server/src/dto/invite-new-user.dto.ts
@@ -1,6 +1,7 @@
-import { IsArray, IsEmail, IsOptional, IsString } from 'class-validator';
+import { IsArray, IsEmail, IsEnum, IsOptional, IsString } from 'class-validator';
 import { Transform } from 'class-transformer';
 import { lowercaseString, sanitizeInput } from '../helpers/utils.helper';
+import { USER_ROLE } from '@module/user_resource_permissions/constants/group-permissions.constant';
 
 export class InviteNewUserDto {
   @IsString()
@@ -21,4 +22,8 @@ export class InviteNewUserDto {
   @IsString({ each: true })
   @IsOptional()
   groups: string[];
+
+  @IsString()
+  @IsEnum(USER_ROLE)
+  role: USER_ROLE;
 }
diff --git a/server/src/entities/app.entity.ts b/server/src/entities/app.entity.ts
index a6c42dcc4b..fea935c2e7 100644
--- a/server/src/entities/app.entity.ts
+++ b/server/src/entities/app.entity.ts
@@ -16,9 +16,10 @@ import {
   BaseEntity,
 } from 'typeorm';
 import { AppVersion } from './app_version.entity';
-import { AppGroupPermission } from './app_group_permission.entity';
 import { GroupPermission } from './group_permission.entity';
 import { User } from './user.entity';
+import { GroupApps } from './group_apps.entity';
+import { AppGroupPermission } from './app_group_permission.entity';
 
 @Entity({ name: 'apps' })
 export class App extends BaseEntity {
@@ -64,6 +65,7 @@ export class App extends BaseEntity {
   })
   appVersions: AppVersion[];
 
+  //Depreciated
   @ManyToMany(() => GroupPermission)
   @JoinTable({
     name: 'app_group_permissions',
@@ -76,6 +78,10 @@ export class App extends BaseEntity {
   })
   groupPermissions: GroupPermission[];
 
+  @OneToMany(() => GroupApps, (groupApps) => groupApps.app, { onDelete: 'CASCADE' })
+  appGroups: GroupApps[];
+
+  //Depreciated
   @OneToMany(() => AppGroupPermission, (appGroupPermission) => appGroupPermission.app, { onDelete: 'CASCADE' })
   appGroupPermissions: AppGroupPermission[];
 
diff --git a/server/src/entities/app_base.entity.ts b/server/src/entities/app_base.entity.ts
index 9aa2cfad7e..0729ab3447 100644
--- a/server/src/entities/app_base.entity.ts
+++ b/server/src/entities/app_base.entity.ts
@@ -60,6 +60,7 @@ export class AppBase extends BaseEntity {
   })
   appVersions: AppVersion[];
 
+  //Depreciated
   @ManyToMany(() => GroupPermission)
   @JoinTable({
     name: 'app_group_permissions',
@@ -72,6 +73,7 @@ export class AppBase extends BaseEntity {
   })
   groupPermissions: GroupPermission[];
 
+  //Depreciated
   @OneToMany(() => AppGroupPermission, (appGroupPermission) => appGroupPermission.app, { onDelete: 'CASCADE' })
   appGroupPermissions: AppGroupPermission[];
 }
diff --git a/server/src/entities/apps_group_permissions.entity.ts b/server/src/entities/apps_group_permissions.entity.ts
new file mode 100644
index 0000000000..180458a338
--- /dev/null
+++ b/server/src/entities/apps_group_permissions.entity.ts
@@ -0,0 +1,46 @@
+import {
+  BaseEntity,
+  Column,
+  CreateDateColumn,
+  Entity,
+  Index,
+  JoinColumn,
+  ManyToOne,
+  OneToMany,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+import { GranularPermissions } from './granular_permissions.entity';
+import { GroupApps } from './group_apps.entity';
+
+@Entity({ name: 'apps_group_permissions' })
+export class AppsGroupPermissions extends BaseEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Index()
+  @Column({ name: 'granular_permission_id' })
+  granularPermissionId: string;
+
+  @Column({ name: 'can_edit', nullable: false, default: false })
+  canEdit: boolean;
+
+  @Column({ name: 'can_view', nullable: false, default: false })
+  canView: boolean;
+
+  @Column({ name: 'hide_from_dashboard', nullable: false, default: false })
+  hideFromDashboard: boolean;
+
+  @CreateDateColumn({ default: () => 'now()', name: 'created_at' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ default: () => 'now()', name: 'updated_at' })
+  updatedAt: Date;
+
+  @ManyToOne(() => GranularPermissions, (granularPermission) => granularPermission.id)
+  @JoinColumn({ name: 'granular_permission_id' })
+  granularPermissions: GranularPermissions;
+
+  @OneToMany(() => GroupApps, (groupApps) => groupApps.appsPermissions, { onDelete: 'CASCADE' })
+  groupApps: GroupApps[];
+}
diff --git a/server/src/entities/granular_permissions.entity.ts b/server/src/entities/granular_permissions.entity.ts
new file mode 100644
index 0000000000..747301f17a
--- /dev/null
+++ b/server/src/entities/granular_permissions.entity.ts
@@ -0,0 +1,47 @@
+import {
+  BaseEntity,
+  Column,
+  CreateDateColumn,
+  Entity,
+  JoinColumn,
+  ManyToOne,
+  OneToOne,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+import { ResourceType } from '@module/user_resource_permissions/constants/granular-permissions.constant';
+import { GroupPermissions } from './group_permissions.entity';
+import { AppsGroupPermissions } from './apps_group_permissions.entity';
+
+@Entity({ name: 'granular_permissions' })
+export class GranularPermissions extends BaseEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ name: 'group_id' })
+  groupId: string;
+
+  @Column({ name: 'name', nullable: false })
+  name: string;
+
+  @Column({ name: 'type', nullable: false, type: 'enum', enum: ResourceType })
+  type: ResourceType;
+
+  @Column({ name: 'is_all', nullable: false, default: true })
+  isAll: boolean;
+
+  @CreateDateColumn({ default: () => 'now()', name: 'created_at' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ default: () => 'now()', name: 'updated_at' })
+  updatedAt: Date;
+
+  @ManyToOne(() => GroupPermissions, (group) => group.id)
+  @JoinColumn({ name: 'group_id' })
+  group: GroupPermissions;
+
+  @OneToOne(() => AppsGroupPermissions, (appsGroupPermission) => appsGroupPermission.granularPermissions, {
+    onDelete: 'CASCADE',
+  })
+  appsGroupPermissions: AppsGroupPermissions;
+}
diff --git a/server/src/entities/group_apps.entity.ts b/server/src/entities/group_apps.entity.ts
new file mode 100644
index 0000000000..28f6113f4f
--- /dev/null
+++ b/server/src/entities/group_apps.entity.ts
@@ -0,0 +1,38 @@
+import {
+  BaseEntity,
+  Column,
+  CreateDateColumn,
+  Entity,
+  JoinColumn,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+import { App } from './app.entity';
+import { AppsGroupPermissions } from './apps_group_permissions.entity';
+
+@Entity({ name: 'group_apps' })
+export class GroupApps extends BaseEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ name: 'app_id' })
+  appId: string;
+
+  @Column({ name: 'apps_group_permissions_id' })
+  appsGroupPermissionsId: string;
+
+  @CreateDateColumn({ default: () => 'now()', name: 'created_at' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ default: () => 'now()', name: 'updated_at' })
+  updatedAt: Date;
+
+  @ManyToOne(() => App, (app) => app.id)
+  @JoinColumn({ name: 'app_id' })
+  app: App;
+
+  @ManyToOne(() => AppsGroupPermissions, (appsPermissions) => appsPermissions.id)
+  @JoinColumn({ name: 'apps_group_permissions_id' })
+  appsPermissions: AppsGroupPermissions;
+}
diff --git a/server/src/entities/group_permissions.entity.ts b/server/src/entities/group_permissions.entity.ts
new file mode 100644
index 0000000000..da48c62278
--- /dev/null
+++ b/server/src/entities/group_permissions.entity.ts
@@ -0,0 +1,65 @@
+import {
+  BaseEntity,
+  Column,
+  CreateDateColumn,
+  Entity,
+  JoinColumn,
+  ManyToOne,
+  OneToMany,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+import { Organization } from './organization.entity';
+import { GroupUsers } from './group_users.entity';
+import { GROUP_PERMISSIONS_TYPE } from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { GranularPermissions } from './granular_permissions.entity';
+
+@Entity({ name: 'permission_groups' })
+export class GroupPermissions extends BaseEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ name: 'organization_id' })
+  organizationId: string;
+
+  @Column({ name: 'name', nullable: false })
+  name: string;
+
+  @Column({ name: 'type', nullable: false, type: 'enum', enum: GROUP_PERMISSIONS_TYPE })
+  type: GROUP_PERMISSIONS_TYPE;
+
+  @Column({ name: 'app_create', default: false })
+  appCreate: boolean;
+
+  @Column({ name: 'app_delete', default: false })
+  appDelete: boolean;
+
+  @Column({ name: 'folder_crud', default: false })
+  folderCRUD: boolean;
+
+  @Column({ name: 'org_constant_crud', default: false })
+  orgConstantCRUD: boolean;
+
+  //This should not be part of CE
+  @Column({ name: 'data_source_create', default: false })
+  dataSourceCreate: boolean;
+
+  @Column({ name: 'data_source_delete', default: false })
+  dataSourceDelete: boolean;
+
+  @CreateDateColumn({ default: () => 'now()', name: 'created_at' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ default: () => 'now()', name: 'updated_at' })
+  updatedAt: Date;
+
+  @ManyToOne(() => Organization, (organization) => organization.id)
+  @JoinColumn({ name: 'organization_id' })
+  organization: Organization;
+
+  @OneToMany(() => GroupUsers, (groupUsers) => groupUsers.group, { onDelete: 'CASCADE' })
+  groupUsers: GroupUsers[];
+
+  @OneToMany(() => GranularPermissions, (granularPermissions) => granularPermissions.group, { onDelete: 'CASCADE' })
+  groupGranularPermissions: GranularPermissions[];
+}
diff --git a/server/src/entities/group_users.entity.ts b/server/src/entities/group_users.entity.ts
new file mode 100644
index 0000000000..03ac55386b
--- /dev/null
+++ b/server/src/entities/group_users.entity.ts
@@ -0,0 +1,38 @@
+import {
+  BaseEntity,
+  Column,
+  CreateDateColumn,
+  Entity,
+  JoinColumn,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+import { GroupPermissions } from './group_permissions.entity';
+import { User } from './user.entity';
+
+@Entity({ name: 'group_users' })
+export class GroupUsers extends BaseEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ name: 'user_id', nullable: false })
+  userId: string;
+
+  @Column({ name: 'group_id', nullable: false })
+  groupId: string;
+
+  @CreateDateColumn({ default: () => 'now()', name: 'created_at' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ default: () => 'now()', name: 'updated_at' })
+  updatedAt: Date;
+
+  @ManyToOne(() => User, (user) => user.id)
+  @JoinColumn({ name: 'user_id' })
+  user: User;
+
+  @ManyToOne(() => GroupPermissions, (group) => group.id)
+  @JoinColumn({ name: 'group_id' })
+  group: GroupPermissions;
+}
diff --git a/server/src/entities/organization.entity.ts b/server/src/entities/organization.entity.ts
index 291356c4f1..c76812725a 100644
--- a/server/src/entities/organization.entity.ts
+++ b/server/src/entities/organization.entity.ts
@@ -8,11 +8,12 @@ import {
   JoinColumn,
   BaseEntity,
 } from 'typeorm';
-import { GroupPermission } from './group_permission.entity';
 import { SSOConfigs } from './sso_config.entity';
 import { OrganizationUser } from './organization_user.entity';
 import { InternalTable } from './internal_table.entity';
 import { AppEnvironment } from './app_environments.entity';
+import { GroupPermissions } from './group_permissions.entity';
+import { GroupPermission } from './group_permission.entity';
 
 @Entity({ name: 'organizations' })
 export class Organization extends BaseEntity {
@@ -40,6 +41,10 @@ export class Organization extends BaseEntity {
   @UpdateDateColumn({ default: () => 'now()', name: 'updated_at' })
   updatedAt: Date;
 
+  @OneToMany(() => GroupPermissions, (groupPermissions) => groupPermissions.organization, { onDelete: 'CASCADE' })
+  permissionGroups: GroupPermissions[];
+
+  //Depreciated
   @OneToMany(() => GroupPermission, (groupPermission) => groupPermission.organization, { onDelete: 'CASCADE' })
   @JoinColumn({ name: 'organization_id' })
   groupPermissions: GroupPermission[];
diff --git a/server/src/entities/user.entity.ts b/server/src/entities/user.entity.ts
index a14c5ace6c..1166393268 100644
--- a/server/src/entities/user.entity.ts
+++ b/server/src/entities/user.entity.ts
@@ -18,9 +18,11 @@ import { App } from './app.entity';
 import { GroupPermission } from './group_permission.entity';
 const bcrypt = require('bcrypt');
 import { OrganizationUser } from './organization_user.entity';
-import { UserGroupPermission } from './user_group_permission.entity';
 import { File } from './file.entity';
 import { Organization } from './organization.entity';
+import { GroupUsers } from './group_users.entity';
+import { UserGroupPermission } from './user_group_permission.entity';
+import { GroupPermissions } from './group_permissions.entity';
 
 @Entity({ name: 'users' })
 export class User extends BaseEntity {
@@ -111,6 +113,7 @@ export class User extends BaseEntity {
   })
   avatar?: File;
 
+  //Depreciated
   @ManyToMany(() => GroupPermission)
   @JoinTable({
     name: 'user_group_permissions',
@@ -123,6 +126,22 @@ export class User extends BaseEntity {
   })
   groupPermissions: GroupPermission[];
 
+  @ManyToMany(() => GroupPermissions)
+  @JoinTable({
+    name: 'group_users',
+    joinColumn: {
+      name: 'user_id',
+    },
+    inverseJoinColumn: {
+      name: 'group_id',
+    },
+  })
+  userPermissions: GroupPermissions[];
+
+  @OneToMany(() => GroupUsers, (groupUsers) => groupUsers.user, { onDelete: 'CASCADE' })
+  userGroups: GroupUsers[];
+
+  //Depreciated
   @OneToMany(() => UserGroupPermission, (userGroupPermission) => userGroupPermission.user, { onDelete: 'CASCADE' })
   userGroupPermissions: UserGroupPermission[];
 
diff --git a/server/src/helpers/db-utility/db-search.helper.ts b/server/src/helpers/db-utility/db-search.helper.ts
new file mode 100644
index 0000000000..ef86d5219b
--- /dev/null
+++ b/server/src/helpers/db-utility/db-search.helper.ts
@@ -0,0 +1,16 @@
+import { Like } from 'typeorm';
+import { ConditionObject } from './db-utility.interface';
+
+export const createWhereConditions = (searchParamObject: ConditionObject): object => {
+  const whereConditions = {};
+  if (searchParamObject) return whereConditions;
+  for (const key of Object.keys(searchParamObject)) {
+    const condItem = searchParamObject[key];
+    if (typeof condItem === 'object' && 'useLike' in condItem && 'value' in condItem) {
+      whereConditions[key] = condItem?.useLike ? Like(`%${condItem.value}%`) : condItem.value;
+    } else {
+      whereConditions[key] = condItem;
+    }
+  }
+  return whereConditions;
+};
diff --git a/server/src/helpers/db-utility/db-utility.interface.ts b/server/src/helpers/db-utility/db-utility.interface.ts
new file mode 100644
index 0000000000..6ec605238c
--- /dev/null
+++ b/server/src/helpers/db-utility/db-utility.interface.ts
@@ -0,0 +1,8 @@
+export interface SearchParamItem {
+  value: string;
+  useLike: boolean;
+}
+
+export type ConditionObject = {
+  [key: string]: SearchParamItem | boolean | string | number;
+};
diff --git a/server/src/helpers/db_constraints.constants.ts b/server/src/helpers/db_constraints.constants.ts
index 90e6dbab8d..d55aa328e3 100644
--- a/server/src/helpers/db_constraints.constants.ts
+++ b/server/src/helpers/db_constraints.constants.ts
@@ -5,4 +5,7 @@ export enum DataBaseConstraints {
   WORKSPACE_NAME_UNIQUE = 'name_organizations_unique',
   WORKSPACE_SLUG_UNIQUE = 'slug_organizations_unique',
   USER_ORGANIZATION_UNIQUE = 'user_organization_unique',
+  GROUP_NAME_UNIQUE = 'group_name_organization_id_unique',
+  GROUP_USER_UNIQUE = 'user_group_unique',
+  GRANULAR_PERMISSIONS_NAME_UNIQUE = 'granular_permissions_name_unique',
 }
diff --git a/server/src/helpers/queries.ts b/server/src/helpers/queries.ts
index fb749d3a0d..fd971c5fa1 100644
--- a/server/src/helpers/queries.ts
+++ b/server/src/helpers/queries.ts
@@ -1,71 +1,62 @@
+import { UserAppsPermissions } from '@module/permissions/interface/permissions-ability.interface';
 import { AppBase } from 'src/entities/app_base.entity';
 import { Folder } from 'src/entities/folder.entity';
 import { User } from 'src/entities/user.entity';
-import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
-import { Brackets, createQueryBuilder, SelectQueryBuilder } from 'typeorm';
+import { createQueryBuilder, EntityManager, SelectQueryBuilder } from 'typeorm';
 
-export function viewableAppsQuery(user: User, searchKey?: string, select?: Array<string>): SelectQueryBuilder<AppBase> {
-  const viewableAppsQb = createQueryBuilder(AppBase, 'viewable_apps');
-
-  if (select) {
-    viewableAppsQb.select(select.map((col) => `viewable_apps.${col}`));
-  }
-  viewableAppsQb
-    .innerJoin('viewable_apps.user', 'user')
-    .addSelect(['user.firstName', 'user.lastName'])
-    .innerJoin('viewable_apps.groupPermissions', 'group_permissions')
-    .innerJoinAndSelect('viewable_apps.appGroupPermissions', 'app_group_permissions')
-    .innerJoin(
-      UserGroupPermission,
-      'user_group_permissions',
-      'app_group_permissions.group_permission_id = user_group_permissions.group_permission_id'
-    )
-    .where(
-      new Brackets((qb) => {
-        qb.where('user_group_permissions.user_id = :userId', {
-          userId: user.id,
-        })
-          .andWhere('app_group_permissions.read = :value', { value: true })
-          .andWhere('app_group_permissions.hide_from_dashboard = :hideFromDashboard', {
-            hideFromDashboard: false,
-          })
-          .orWhere('viewable_apps.is_public = :value OR viewable_apps.user_id = :userId', {
-            value: true,
-            organizationId: user.organizationId,
-            userId: user.id,
-          });
-      })
-    )
-    .andWhere('viewable_apps.organization_id = :organizationId', { organizationId: user.organizationId });
+export function getFolderQuery(organizationId: string, searchKey?: string): SelectQueryBuilder<Folder> {
+  const query = createQueryBuilder(Folder, 'folders');
 
   if (searchKey) {
-    viewableAppsQb.andWhere('LOWER(viewable_apps.name) like :searchKey', {
-      searchKey: `%${searchKey && searchKey.toLowerCase()}%`,
-    });
-  }
-  viewableAppsQb.orderBy('viewable_apps.createdAt', 'DESC');
-  return viewableAppsQb;
-}
-
-export function getFolderQuery(
-  getAllFolders: boolean,
-  allViewableAppIds: Array<string>,
-  organizationId: string
-): SelectQueryBuilder<Folder> {
-  const query = createQueryBuilder(Folder, 'folders');
-  if (getAllFolders) {
-    query.leftJoinAndSelect('folders.folderApps', 'folder_apps', 'folder_apps.app_id IN(:...allViewableAppIds)', {
-      allViewableAppIds: [null, ...allViewableAppIds],
-    });
-  } else {
-    query.innerJoinAndSelect('folders.folderApps', 'folder_apps', 'folder_apps.app_id IN(:...allViewableAppIds)', {
-      allViewableAppIds: [null, ...allViewableAppIds],
-    });
+    query
+      .leftJoinAndSelect('folders.folderApps', 'folder_apps')
+      .leftJoin('folder_apps.app', 'app')
+      .where('LOWER(app.name) like :searchKey', {
+        searchKey: `%${searchKey && searchKey.toLowerCase()}%`,
+      });
   }
   query
     .andWhere('folders.organization_id = :organizationId', {
       organizationId,
     })
     .orderBy('folders.name', 'ASC');
+
   return query;
 }
+
+export function viewableAppsQueryUsingPermissions(
+  user: User,
+  userAppPermissions: UserAppsPermissions,
+  manager: EntityManager,
+  searchKey?: string,
+  select?: Array<string>
+): SelectQueryBuilder<AppBase> {
+  let viewableApps = userAppPermissions.hideAll
+    ? [null]
+    : [
+        null,
+        ...Array.from(
+          new Set(
+            [...userAppPermissions.editableAppsId, ...userAppPermissions.viewableAppsId].filter(
+              (id) => !userAppPermissions.hiddenAppsId.includes(id)
+            )
+          )
+        ),
+      ];
+  viewableApps = viewableApps.filter((id) => !userAppPermissions.hiddenAppsId.includes(id));
+  const viewableAppsQb = manager
+    .createQueryBuilder(AppBase, 'viewable_apps')
+    .innerJoin('viewable_apps.user', 'user')
+    .addSelect(['user.firstName', 'user.lastName'])
+    .where('viewable_apps.organization_id = :organizationId', { organizationId: user.organizationId });
+
+  if (select) {
+    viewableAppsQb.select(select.map((col) => `viewable_apps.${col}`));
+  }
+  if (userAppPermissions.hideAll || !(userAppPermissions.isAllEditable || userAppPermissions.isAllViewable)) {
+    viewableAppsQb.where('viewable_apps.id IN (:...viewableApps)', {
+      viewableApps,
+    });
+  }
+  return viewableAppsQb;
+}
diff --git a/server/src/modules/apps/apps.module.ts b/server/src/modules/apps/apps.module.ts
index 8fab37b8fe..8dae25d227 100644
--- a/server/src/modules/apps/apps.module.ts
+++ b/server/src/modules/apps/apps.module.ts
@@ -20,9 +20,6 @@ import { FoldersService } from '@services/folders.service';
 import { Folder } from 'src/entities/folder.entity';
 import { FolderApp } from 'src/entities/folder_app.entity';
 import { DataSource } from 'src/entities/data_source.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
-import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
 import { AppImportExportService } from '@services/app_import_export.service';
 import { DataSourcesService } from '@services/data_sources.service';
 import { CredentialsService } from '@services/credentials.service';
@@ -43,9 +40,11 @@ import { ComponentsService } from '@services/components.service';
 import { PageService } from '@services/page.service';
 import { EventsService } from '@services/events_handler.service';
 import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
   imports: [
+    UserResourcePermissionsModule,
     TypeOrmModule.forFeature([
       App,
       AppVersion,
@@ -57,9 +56,6 @@ import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
       User,
       Organization,
       DataSource,
-      GroupPermission,
-      AppGroupPermission,
-      UserGroupPermission,
       Credential,
       File,
       Plugin,
diff --git a/server/src/modules/auth/auth.module.ts b/server/src/modules/auth/auth.module.ts
index a31316a67f..6fe0cc9ae5 100644
--- a/server/src/modules/auth/auth.module.ts
+++ b/server/src/modules/auth/auth.module.ts
@@ -15,14 +15,10 @@ import { ConfigService } from '@nestjs/config';
 import { EmailService } from '@services/email.service';
 import { OauthService, GoogleOAuthService, GitOAuthService } from '@ee/services/oauth';
 import { OauthController } from '@ee/controllers/oauth.controller';
-import { GroupPermission } from 'src/entities/group_permission.entity';
 import { App } from 'src/entities/app.entity';
 import { File } from 'src/entities/file.entity';
 import { FilesService } from '@services/files.service';
 import { SSOConfigs } from 'src/entities/sso_config.entity';
-import { GroupPermissionsService } from '@services/group_permissions.service';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
-import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
 import { EncryptionService } from '@services/encryption.service';
 import { DataSourcesService } from '@services/data_sources.service';
 import { CredentialsService } from '@services/credentials.service';
@@ -37,21 +33,20 @@ import { MetadataService } from '@services/metadata.service';
 import { SessionService } from '@services/session.service';
 import { SessionScheduler } from 'src/schedulers/session.scheduler';
 import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
   imports: [
     UsersModule,
     PassportModule,
+    UserResourcePermissionsModule,
     TypeOrmModule.forFeature([
       User,
       File,
       Organization,
       OrganizationUser,
-      GroupPermission,
       App,
       SSOConfigs,
-      AppGroupPermission,
-      UserGroupPermission,
       DataSource,
       Credential,
       Plugin,
@@ -79,7 +74,6 @@ import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
     GoogleOAuthService,
     GitOAuthService,
     FilesService,
-    GroupPermissionsService,
     EncryptionService,
     DataSourcesService,
     CredentialsService,
diff --git a/server/src/modules/casl/abilities/apps-ability.factory.ts b/server/src/modules/casl/abilities/apps-ability.factory.ts
index 73e70c2760..e58ff4f739 100644
--- a/server/src/modules/casl/abilities/apps-ability.factory.ts
+++ b/server/src/modules/casl/abilities/apps-ability.factory.ts
@@ -3,34 +3,36 @@ import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectTyp
 import { Injectable } from '@nestjs/common';
 import { App } from 'src/entities/app.entity';
 import { AppVersion } from 'src/entities/app_version.entity';
-import { UsersService } from 'src/services/users.service';
+import { AbilityService } from '@services/permissions-ability.service';
+import { APP_RESOURCE_ACTIONS, TOOLJET_RESOURCE } from 'src/constants/global.constant';
 
 type Actions =
-  | 'authorizeOauthForSource'
-  | 'cloneApp'
-  | 'importApp'
-  | 'createApp'
+  | 'authorizeOauthForSource' //Deprecated
+  | APP_RESOURCE_ACTIONS.CLONE
+  | APP_RESOURCE_ACTIONS.IMPORT
+  | APP_RESOURCE_ACTIONS.CREATE
   | 'createDataSource'
   | 'createQuery'
   | 'createUsers'
-  | 'createVersions'
-  | 'deleteVersions'
+  | APP_RESOURCE_ACTIONS.VERSIONS_CREATE
+  | APP_RESOURCE_ACTIONS.VERSION_DELETE
   | 'deleteApp'
   | 'deleteDataSource'
   | 'deleteQuery'
   | 'fetchUsers'
-  | 'fetchVersions'
+  | APP_RESOURCE_ACTIONS.VERSION_READ
   | 'getDataSources'
   | 'getQueries'
   | 'previewQuery'
   | 'runQuery'
   | 'updateDataSource'
-  | 'updateParams'
+  | APP_RESOURCE_ACTIONS.UPDATE
   | 'updateQuery'
-  | 'updateVersions'
-  | 'updateIcon'
-  | 'viewApp'
-  | 'editApp';
+  | APP_RESOURCE_ACTIONS.VERSION_UPDATE
+  | APP_RESOURCE_ACTIONS.UPDATE
+  | APP_RESOURCE_ACTIONS.VIEW
+  | APP_RESOURCE_ACTIONS.EDIT
+  | APP_RESOURCE_ACTIONS.EXPORT;
 
 type Subjects = InferSubjects<typeof AppVersion | typeof User | typeof App> | 'all';
 
@@ -38,66 +40,81 @@ export type AppsAbility = Ability<[Actions, Subjects]>;
 
 @Injectable()
 export class AppsAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
   async appsActions(user: User, id?: string) {
-    const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(Ability as AbilityClass<AppsAbility>);
-    const canUpdateApp = await this.usersService.userCan(user, 'update', 'App', id);
+    const { can, build } = new AbilityBuilder<Ability<[Actions | APP_RESOURCE_ACTIONS, Subjects]>>(
+      Ability as AbilityClass<AppsAbility>
+    );
 
-    if (await this.usersService.userCan(user, 'create', 'User')) {
-      can('createUsers', App, { organizationId: user.organizationId });
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      organizationId: user.organizationId,
+      ...(id && { resources: [{ resource: TOOLJET_RESOURCE.APP, resourceId: id }] }),
+    });
+    const userAppPermissions = userPermission?.App;
+    const appUpdateAllowed = userAppPermissions
+      ? userAppPermissions.isAllEditable || userAppPermissions.editableAppsId.includes(id)
+      : false;
+    const appViewAllowed = userAppPermissions
+      ? appUpdateAllowed || userAppPermissions.isAllViewable || userAppPermissions.viewableAppsId.includes(id)
+      : false;
+
+    //For app users.
+    if (userPermission.appCreate) {
+      can('createUsers', App);
     }
 
-    if (canUpdateApp) {
-      can('editApp', App, { organizationId: user.organizationId });
+    if (appUpdateAllowed) {
+      can(APP_RESOURCE_ACTIONS.EDIT, App);
     }
 
-    if (await this.usersService.userCan(user, 'create', 'App')) {
-      can('createApp', App);
-      can('importApp', App);
-      if (canUpdateApp) {
-        can('cloneApp', App, { organizationId: user.organizationId });
+    if (userPermission.appCreate) {
+      can(APP_RESOURCE_ACTIONS.CREATE, App);
+      can(APP_RESOURCE_ACTIONS.IMPORT, App);
+      can(APP_RESOURCE_ACTIONS.EXPORT, App);
+      if (appUpdateAllowed) {
+        can(APP_RESOURCE_ACTIONS.CLONE, App);
       }
     }
 
-    if (await this.usersService.userCan(user, 'read', 'App', id)) {
-      can('viewApp', App, { organizationId: user.organizationId });
+    if (appViewAllowed) {
+      can(APP_RESOURCE_ACTIONS.VIEW, App);
 
-      can('fetchUsers', App, { organizationId: user.organizationId });
-      can('fetchVersions', App, { organizationId: user.organizationId });
+      //Delete this actions
+      can('fetchUsers', App);
+      can(APP_RESOURCE_ACTIONS.VERSION_READ, App);
 
-      can('runQuery', App, { organizationId: user.organizationId });
-      can('getQueries', App, { organizationId: user.organizationId });
-      can('previewQuery', App, { organizationId: user.organizationId });
+      can('runQuery', App);
+      can('getQueries', App);
+      can('previewQuery', App);
 
-      // policies for datasources
-      can('getDataSources', App, { organizationId: user.organizationId });
-      can('authorizeOauthForSource', App, {
-        organizationId: user.organizationId,
-      });
+      // policies for data sources
+      can('getDataSources', App);
+      can('authorizeOauthForSource', App);
     }
 
-    if (canUpdateApp) {
-      can('updateParams', App, { organizationId: user.organizationId });
-      can('createVersions', App, { organizationId: user.organizationId });
-      can('deleteVersions', App, { organizationId: user.organizationId });
-      can('updateVersions', App, { organizationId: user.organizationId });
-      can('updateIcon', App, { organizationId: user.organizationId });
+    if (appUpdateAllowed) {
+      can(APP_RESOURCE_ACTIONS.UPDATE, App);
+      can(APP_RESOURCE_ACTIONS.VERSIONS_CREATE, App);
+      can(APP_RESOURCE_ACTIONS.VERSION_DELETE, App);
+      can(APP_RESOURCE_ACTIONS.VERSION_UPDATE, App);
+      can(APP_RESOURCE_ACTIONS.UPDATE, App);
 
-      can('updateQuery', App, { organizationId: user.organizationId });
-      can('createQuery', App, { organizationId: user.organizationId });
-      can('deleteQuery', App, { organizationId: user.organizationId });
+      can('updateQuery', App);
+      can('createQuery', App);
+      can('deleteQuery', App);
 
-      can('updateDataSource', App, { organizationId: user.organizationId });
-      can('createDataSource', App, { organizationId: user.organizationId });
-      can('deleteDataSource', App, { organizationId: user.organizationId });
+      //TODO: Need to remove this after depreciating local data source
+      can('updateDataSource', App);
+      can('createDataSource', App);
+      can('deleteDataSource', App);
     }
 
-    if (await this.usersService.userCan(user, 'delete', 'App', id)) {
-      can('deleteApp', App, { organizationId: user.organizationId });
+    if (userPermission.appDelete) {
+      can('deleteApp', App);
     }
 
-    can('viewApp', App, { isPublic: true });
+    can(APP_RESOURCE_ACTIONS.VIEW, App, { isPublic: true });
     can('runQuery', App, { isPublic: true });
 
     return build({
diff --git a/server/src/modules/casl/abilities/comments-ability.factory.ts b/server/src/modules/casl/abilities/comments-ability.factory.ts
index ca435981d9..3008168067 100644
--- a/server/src/modules/casl/abilities/comments-ability.factory.ts
+++ b/server/src/modules/casl/abilities/comments-ability.factory.ts
@@ -2,9 +2,14 @@ import { User } from 'src/entities/user.entity';
 import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
 import { Injectable } from '@nestjs/common';
 import { Comment } from 'src/entities/comment.entity';
-import { UsersService } from 'src/services/users.service';
+import { COMMENT_RESOURCE_ACTION, TOOLJET_RESOURCE } from 'src/constants/global.constant';
+import { AbilityService } from '@services/permissions-ability.service';
 
-type Actions = 'createComment' | 'deleteComment' | 'fetchComments' | 'updateComment';
+type Actions =
+  | COMMENT_RESOURCE_ACTION.CREATE
+  | COMMENT_RESOURCE_ACTION.DELETE
+  | COMMENT_RESOURCE_ACTION.READ
+  | COMMENT_RESOURCE_ACTION.UPDATE;
 
 type Subjects = InferSubjects<typeof User | typeof Comment> | 'all';
 
@@ -12,25 +17,35 @@ export type CommentsAbility = Ability<[Actions, Subjects]>;
 
 @Injectable()
 export class CommentsAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
   async appsActions(user: User, params: any) {
     const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(Ability as AbilityClass<CommentsAbility>);
+    const { id } = params;
 
-    if (await this.usersService.userCan(user, 'create', 'Comment', params.id)) {
-      can('createComment', Comment, { organizationId: user.organizationId });
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      organizationId: user.organizationId,
+      ...(id && { resources: [{ resource: TOOLJET_RESOURCE.APP, resourceId: id }] }),
+    });
+    const userAppPermissions = userPermission?.App;
+    const appUpdateAllowed = userAppPermissions
+      ? userAppPermissions.isAllEditable || userAppPermissions.editableAppsId.includes(id)
+      : false;
+
+    if (appUpdateAllowed) {
+      can(COMMENT_RESOURCE_ACTION.CREATE, Comment, { organizationId: user.organizationId });
     }
 
-    if (await this.usersService.userCan(user, 'read', 'Comment', params.id)) {
-      can('fetchComments', Comment, { organizationId: user.organizationId });
+    if (appUpdateAllowed) {
+      can(COMMENT_RESOURCE_ACTION.READ, Comment, { organizationId: user.organizationId });
     }
 
-    if (await this.usersService.userCan(user, 'update', 'Comment', params.id)) {
-      can('updateComment', Comment, { organizationId: user.organizationId });
+    if (appUpdateAllowed) {
+      can(COMMENT_RESOURCE_ACTION.UPDATE, Comment, { organizationId: user.organizationId });
     }
 
-    if (await this.usersService.userCan(user, 'delete', 'Comment', params.id)) {
-      can('deleteComment', Comment, { organizationId: user.organizationId });
+    if (appUpdateAllowed) {
+      can(COMMENT_RESOURCE_ACTION.DELETE, Comment, { organizationId: user.organizationId });
     }
 
     return build({
diff --git a/server/src/modules/casl/abilities/data-queries-ability.factory.ts b/server/src/modules/casl/abilities/data-queries-ability.factory.ts
new file mode 100644
index 0000000000..33949ac1a7
--- /dev/null
+++ b/server/src/modules/casl/abilities/data-queries-ability.factory.ts
@@ -0,0 +1,54 @@
+// import { User } from 'src/entities/user.entity';
+// import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
+// import { Injectable } from '@nestjs/common';
+// import { Comment } from 'src/entities/comment.entity';
+// import { UsersService } from 'src/services/users.service';
+// import { COMMENT_RESOURCE_ACTION, TOOLJET_RESOURCE } from 'src/constants/global.constant';
+// import { AbilityService } from '@services/permissions-ability.service';
+
+// type Actions = COMMENT_RESOURCE_ACTION.CREATE | COMMENT_RESOURCE_ACTION.DELETE | COMMENT_RESOURCE_ACTION.READ | COMMENT_RESOURCE_ACTION.UPDATE;
+
+// type Subjects = InferSubjects<typeof User | typeof Comment> | 'all';
+
+// export type CommentsAbility = Ability<[Actions, Subjects]>;
+
+// @Injectable()
+// export class DataQueryAbilityFactory {
+//   constructor(private usersService: UsersService,private abilityService: AbilityService) {}
+
+//   async appsActions(user: User, params: any) {
+//     const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(Ability as AbilityClass<CommentsAbility>);
+//     const { id } = params
+
+//     const userPermission = await this.abilityService.resourceActionsPermission(user, {
+//       organizationId: user.organizationId,
+//       ...(id && { resources: [{ resource: TOOLJET_RESOURCE.APP, resourceId: id }] }),
+//     });
+//     const userAppPermissions = userPermission?.App;
+//     const appUpdateAllowed =
+//       (userAppPermissions && userAppPermissions.isAllEditable) || userAppPermissions.editableAppsId.includes(id);
+//     const appViewAllowed =
+//       userAppPermissions &&
+//       (appUpdateAllowed || userAppPermissions.isAllViewable || userAppPermissions.viewableAppsId.includes(id));
+
+//     if (appUpdateAllowed) {
+//       can([COMMENT_RESOURCE_ACTION.CREATE], Comment, { organizationId: user.organizationId });
+//     }
+
+//     if (await this.usersService.userCan(user, 'read', 'Comment', params.id)) {
+//       can(COMMENT_RESOURCE_ACTION.READ, Comment, { organizationId: user.organizationId });
+//     }
+
+//     if (await this.usersService.userCan(user, 'update', 'Comment', params.id)) {
+//       can(COMMENT_RESOURCE_ACTION.UPDATE, Comment, { organizationId: user.organizationId });
+//     }
+
+//     if (await this.usersService.userCan(user, 'delete', 'Comment', params.id)) {
+//       can(COMMENT_RESOURCE_ACTION.DELETE, Comment, { organizationId: user.organizationId });
+//     }
+
+//     return build({
+//       detectSubjectType: (item) => item.constructor as ExtractSubjectType<Subjects>,
+//     });
+//   }
+// }
diff --git a/server/src/modules/casl/abilities/folders-ability.factory.ts b/server/src/modules/casl/abilities/folders-ability.factory.ts
index 59c43ec7f7..f544f12d09 100644
--- a/server/src/modules/casl/abilities/folders-ability.factory.ts
+++ b/server/src/modules/casl/abilities/folders-ability.factory.ts
@@ -1,10 +1,11 @@
 import { User } from 'src/entities/user.entity';
 import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
 import { Injectable } from '@nestjs/common';
-import { UsersService } from 'src/services/users.service';
 import { Folder } from 'src/entities/folder.entity';
+import { FOLDER_RESOURCE_ACTION } from 'src/constants/global.constant';
+import { AbilityService } from '@services/permissions-ability.service';
 
-type Actions = 'createFolder' | 'updateFolder' | 'deleteFolder';
+type Actions = FOLDER_RESOURCE_ACTION.CREATE | FOLDER_RESOURCE_ACTION.UPDATE | FOLDER_RESOURCE_ACTION.DELETE;
 
 type Subjects = InferSubjects<typeof User | typeof Folder> | 'all';
 
@@ -12,21 +13,16 @@ export type FoldersAbility = Ability<[Actions, Subjects]>;
 
 @Injectable()
 export class FoldersAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
-  async folderActions(user: User, params: any) {
+  async folderActions(user: User) {
     const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(Ability as AbilityClass<FoldersAbility>);
-
-    if (await this.usersService.userCan(user, 'create', 'Folder')) {
-      can('createFolder', Folder);
-    }
-
-    if (await this.usersService.userCan(user, 'update', 'Folder')) {
-      can('updateFolder', Folder);
-    }
-
-    if (await this.usersService.userCan(user, 'delete', 'Folder')) {
-      can('deleteFolder', Folder);
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      organizationId: user.organizationId,
+    });
+    const folderPermission = userPermission.folderCRUD;
+    if (folderPermission) {
+      can([FOLDER_RESOURCE_ACTION.CREATE, FOLDER_RESOURCE_ACTION.UPDATE, FOLDER_RESOURCE_ACTION.DELETE], Folder);
     }
 
     return build({
diff --git a/server/src/modules/casl/abilities/global-datasource-ability.factory.ts b/server/src/modules/casl/abilities/global-datasource-ability.factory.ts
index c2640ab3f8..591f17e8c9 100644
--- a/server/src/modules/casl/abilities/global-datasource-ability.factory.ts
+++ b/server/src/modules/casl/abilities/global-datasource-ability.factory.ts
@@ -1,13 +1,14 @@
 import { User } from 'src/entities/user.entity';
 import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
 import { Injectable } from '@nestjs/common';
-import { UsersService } from 'src/services/users.service';
 import { DataSource } from 'src/entities/data_source.entity';
+import { AbilityService } from '@services/permissions-ability.service';
+import { GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 
 type Actions =
-  | 'createGlobalDataSource'
-  | 'updateGlobalDataSource'
-  | 'deleteGlobalDataSource'
+  | GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.CREATE
+  | GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.UPDATE
+  | GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.DELETE
   | 'authorizeOauthForSource'
   | 'fetchEnvironments';
 
@@ -17,28 +18,26 @@ export type GlobalDataSourcesAbility = Ability<[Actions, Subjects]>;
 
 @Injectable()
 export class GlobalDataSourceAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
   async globalDataSourceActions(user: User) {
     const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(
       Ability as AbilityClass<GlobalDataSourcesAbility>
     );
-
-    if (await this.usersService.userCan(user, 'create', 'GlobalDataSource')) {
-      can('createGlobalDataSource', DataSource);
-      can('fetchEnvironments', DataSource);
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      organizationId: user.organizationId,
+    });
+    const globalDataSourcePermission = userPermission.isAdmin;
+    if (globalDataSourcePermission) {
+      can(GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.CREATE, DataSource);
     }
 
-    if (await this.usersService.userCan(user, 'update', 'GlobalDataSource')) {
-      can('updateGlobalDataSource', DataSource);
+    if (globalDataSourcePermission) {
+      can(GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.UPDATE, DataSource);
     }
 
-    if (await this.usersService.userCan(user, 'delete', 'GlobalDataSource')) {
-      can('deleteGlobalDataSource', DataSource);
-    }
-
-    if (await this.usersService.userCan(user, 'create', 'GlobalDataSource')) {
-      can('authorizeOauthForSource', DataSource);
+    if (globalDataSourcePermission) {
+      can(GLOBAL_DATA_SOURCE_RESOURCE_ACTIONS.DELETE, DataSource);
     }
 
     return build({
diff --git a/server/src/modules/casl/abilities/org-environment-variables-ability.factory.ts b/server/src/modules/casl/abilities/org-environment-variables-ability.factory.ts
index 4892842c81..b717986238 100644
--- a/server/src/modules/casl/abilities/org-environment-variables-ability.factory.ts
+++ b/server/src/modules/casl/abilities/org-environment-variables-ability.factory.ts
@@ -1,8 +1,8 @@
 import { User } from 'src/entities/user.entity';
 import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
 import { Injectable } from '@nestjs/common';
-import { UsersService } from 'src/services/users.service';
 import { OrgEnvironmentVariable } from 'src/entities/org_envirnoment_variable.entity';
+import { AbilityService } from '@services/permissions-ability.service';
 
 type Actions =
   | 'createOrgEnvironmentVariable'
@@ -16,23 +16,27 @@ export type OrgEnvironmentVariablesAbility = Ability<[Actions, Subjects]>;
 
 @Injectable()
 export class OrgEnvironmentVariablesAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
   async orgEnvironmentVariableActions(user: User, params: any) {
     const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(
       Ability as AbilityClass<OrgEnvironmentVariablesAbility>
     );
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      organizationId: user.organizationId,
+    });
+    const constantPermissions = userPermission.orgConstantCRUD;
 
-    if (await this.usersService.userCan(user, 'create', 'OrgEnvironmentVariable')) {
+    if (constantPermissions) {
       can('createOrgEnvironmentVariable', OrgEnvironmentVariable);
       can('fetchEnvironments', OrgEnvironmentVariable);
     }
 
-    if (await this.usersService.userCan(user, 'update', 'OrgEnvironmentVariable')) {
+    if (constantPermissions) {
       can('updateOrgEnvironmentVariable', OrgEnvironmentVariable);
     }
 
-    if (await this.usersService.userCan(user, 'delete', 'OrgEnvironmentVariable')) {
+    if (constantPermissions) {
       can('deleteOrgEnvironmentVariable', OrgEnvironmentVariable);
     }
 
diff --git a/server/src/modules/casl/abilities/organization-constants-ability.factory.ts b/server/src/modules/casl/abilities/organization-constants-ability.factory.ts
index 9bc033a075..842faa252e 100644
--- a/server/src/modules/casl/abilities/organization-constants-ability.factory.ts
+++ b/server/src/modules/casl/abilities/organization-constants-ability.factory.ts
@@ -1,29 +1,37 @@
 import { User } from 'src/entities/user.entity';
 import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
 import { Injectable } from '@nestjs/common';
-import { UsersService } from 'src/services/users.service';
 import { OrganizationConstant } from 'src/entities/organization_constants.entity';
+import { AbilityService } from '@services/permissions-ability.service';
+import { ORGANIZATION_CONSTANT_RESOURCE_ACTIONS } from 'src/constants/global.constant';
 
-type Actions = 'createOrganizationConstant' | 'deleteOrganizationConstant';
 type Subjects = InferSubjects<typeof User | typeof OrganizationConstant> | 'all';
 
-export type OrganizationConstantsAbility = Ability<[Actions, Subjects]>;
+export type OrganizationConstantsAbility = Ability<[ORGANIZATION_CONSTANT_RESOURCE_ACTIONS, Subjects]>;
 
 @Injectable()
 export class OrganizationConstantsAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
   async organizationConstantActions(user: User, params: any) {
-    const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(
+    const { can, build } = new AbilityBuilder<Ability<[ORGANIZATION_CONSTANT_RESOURCE_ACTIONS, Subjects]>>(
       Ability as AbilityClass<OrganizationConstantsAbility>
     );
 
-    if (await this.usersService.userCan(user, 'create', 'OrganizationConstant')) {
-      can('createOrganizationConstant', OrganizationConstant);
-    }
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      organizationId: user.organizationId,
+    });
+    const constantPermissions = userPermission.orgConstantCRUD;
 
-    if (await this.usersService.userCan(user, 'delete', 'OrganizationConstant')) {
-      can('deleteOrganizationConstant', OrganizationConstant);
+    if (constantPermissions) {
+      can(
+        [
+          ORGANIZATION_CONSTANT_RESOURCE_ACTIONS.CREATE,
+          ORGANIZATION_CONSTANT_RESOURCE_ACTIONS.DELETE,
+          ORGANIZATION_CONSTANT_RESOURCE_ACTIONS.UPDATE,
+        ],
+        OrganizationConstant
+      );
     }
 
     return build({
diff --git a/server/src/modules/casl/abilities/plugins-ability.factory.ts b/server/src/modules/casl/abilities/plugins-ability.factory.ts
index 0c21973c91..01343b3509 100644
--- a/server/src/modules/casl/abilities/plugins-ability.factory.ts
+++ b/server/src/modules/casl/abilities/plugins-ability.factory.ts
@@ -1,10 +1,11 @@
 import { User } from 'src/entities/user.entity';
 import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
 import { Injectable } from '@nestjs/common';
-import { UsersService } from 'src/services/users.service';
 import { Plugin } from 'src/entities/plugin.entity';
+import { AbilityService } from '@services/permissions-ability.service';
+import { PLUGIN_RESOURCE_ACTION } from 'src/constants/global.constant';
 
-type Actions = 'installPlugin' | 'updatePlugin' | 'deletePlugin';
+type Actions = PLUGIN_RESOURCE_ACTION.INSTALL | PLUGIN_RESOURCE_ACTION.UPDATE | PLUGIN_RESOURCE_ACTION.DELETE;
 
 type Subjects = InferSubjects<typeof User | typeof Plugin> | 'all';
 
@@ -12,21 +13,18 @@ export type PluginsAbility = Ability<[Actions, Subjects]>;
 
 @Injectable()
 export class PluginsAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
   async pluginActions(user: User) {
     const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(Ability as AbilityClass<PluginsAbility>);
 
-    if (await this.usersService.userCan(user, 'create', 'Plugin')) {
-      can('installPlugin', Plugin);
-    }
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      organizationId: user.organizationId,
+    });
+    const pluginPermission = userPermission.isAdmin;
 
-    if (await this.usersService.userCan(user, 'update', 'Plugin')) {
-      can('updatePlugin', Plugin);
-    }
-
-    if (await this.usersService.userCan(user, 'delete', 'Plugin')) {
-      can('deletePlugin', Plugin);
+    if (pluginPermission) {
+      can([PLUGIN_RESOURCE_ACTION.INSTALL, PLUGIN_RESOURCE_ACTION.UPDATE, PLUGIN_RESOURCE_ACTION.DELETE], Plugin);
     }
 
     return build({
diff --git a/server/src/modules/casl/abilities/threads-ability.factory.ts b/server/src/modules/casl/abilities/threads-ability.factory.ts
index 1e79d169ea..3602829fb5 100644
--- a/server/src/modules/casl/abilities/threads-ability.factory.ts
+++ b/server/src/modules/casl/abilities/threads-ability.factory.ts
@@ -2,9 +2,14 @@ import { User } from 'src/entities/user.entity';
 import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
 import { Injectable } from '@nestjs/common';
 import { Thread } from 'src/entities/thread.entity';
-import { UsersService } from 'src/services/users.service';
+import { AbilityService } from '@services/permissions-ability.service';
+import { THREAD_RESOURCE_ACTION, TOOLJET_RESOURCE } from 'src/constants/global.constant';
 
-type Actions = 'createThread' | 'deleteThread' | 'fetchThreads' | 'updateThread';
+type Actions =
+  | THREAD_RESOURCE_ACTION.CREATE
+  | THREAD_RESOURCE_ACTION.DELETE
+  | THREAD_RESOURCE_ACTION.READ
+  | THREAD_RESOURCE_ACTION.UPDATE;
 
 type Subjects = InferSubjects<typeof User | typeof Thread> | 'all';
 
@@ -12,25 +17,28 @@ export type ThreadsAbility = Ability<[Actions, Subjects]>;
 
 @Injectable()
 export class ThreadsAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
   async appsActions(user: User, id: string) {
     const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(Ability as AbilityClass<ThreadsAbility>);
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      organizationId: user.organizationId,
+      ...(id && { resources: [{ resource: TOOLJET_RESOURCE.APP, resourceId: id }] }),
+    });
+    const userAppPermissions = userPermission?.App;
+    const appUpdateAllowed =
+      (userAppPermissions && userAppPermissions.isAllEditable) || userAppPermissions.editableAppsId.includes(id);
 
-    if (await this.usersService.userCan(user, 'create', 'Thread', id)) {
-      can('createThread', Thread, { organizationId: user.organizationId });
-    }
-
-    if (await this.usersService.userCan(user, 'read', 'Thread', id)) {
-      can('fetchThreads', Thread, { organizationId: user.organizationId });
-    }
-
-    if (await this.usersService.userCan(user, 'update', 'Thread', id)) {
-      can('updateThread', Thread, { organizationId: user.organizationId });
-    }
-
-    if (await this.usersService.userCan(user, 'delete', 'Thread', id)) {
-      can('deleteThread', Thread, { organizationId: user.organizationId });
+    if (appUpdateAllowed) {
+      can(
+        [
+          THREAD_RESOURCE_ACTION.CREATE,
+          THREAD_RESOURCE_ACTION.READ,
+          THREAD_RESOURCE_ACTION.UPDATE,
+          THREAD_RESOURCE_ACTION.DELETE,
+        ],
+        Thread
+      );
     }
 
     return build({
diff --git a/server/src/modules/casl/abilities/tooljet-db-ability.factory.ts b/server/src/modules/casl/abilities/tooljet-db-ability.factory.ts
index b008ceb307..3b11a8b79e 100644
--- a/server/src/modules/casl/abilities/tooljet-db-ability.factory.ts
+++ b/server/src/modules/casl/abilities/tooljet-db-ability.factory.ts
@@ -1,8 +1,8 @@
 import { User } from 'src/entities/user.entity';
 import { AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
 import { Injectable } from '@nestjs/common';
-import { UsersService } from 'src/services/users.service';
 import { isEmpty } from 'lodash';
+import { AbilityService } from '@services/permissions-ability.service';
 
 export enum Action {
   ProxyPostgrest = 'proxyPostgrest',
@@ -27,14 +27,20 @@ export type TooljetDbAbility = Ability<[Action, Subjects]>;
 
 @Injectable()
 export class TooljetDbAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
   async actions(user: User, params: any) {
     const { can, build } = new AbilityBuilder<Ability<[Action, Subjects]>>(Ability as AbilityClass<TooljetDbAbility>);
     const { organizationId, dataQuery } = params;
     const isPublicAppRequest = isEmpty(organizationId) && !isEmpty(dataQuery) && dataQuery.app.isPublic;
     const isUserLoggedin = !isEmpty(user) && !isEmpty(organizationId);
-    const isAdmin = !isEmpty(user) ? await this.usersService.hasGroup(user, 'admin', params.organizationId) : false;
+    const isAdmin = !isEmpty(user)
+      ? (
+          await this.abilityService.resourceActionsPermission(user, {
+            organizationId: user.organizationId,
+          })
+        ).isAdmin
+      : false;
 
     if (isAdmin) {
       can(Action.CreateTable, 'all');
diff --git a/server/src/modules/casl/casl-ability.factory.ts b/server/src/modules/casl/casl-ability.factory.ts
index d9ac90788c..c078e2fe3b 100644
--- a/server/src/modules/casl/casl-ability.factory.ts
+++ b/server/src/modules/casl/casl-ability.factory.ts
@@ -2,16 +2,17 @@ import { User } from 'src/entities/user.entity';
 import { OrganizationUser } from 'src/entities/organization_user.entity';
 import { InferSubjects, AbilityBuilder, Ability, AbilityClass, ExtractSubjectType } from '@casl/ability';
 import { Injectable } from '@nestjs/common';
-import { UsersService } from '@services/users.service';
+import { ORGANIZATION_RESOURCE_ACTIONS } from 'src/constants/global.constant';
+import { AbilityService } from '@services/permissions-ability.service';
 
 type Actions =
-  | 'changeRole'
-  | 'archiveUser'
-  | 'inviteUser'
-  | 'accessGroupPermission'
-  | 'updateOrganizations'
-  | 'updateUser'
-  | 'viewAllUsers';
+  | ORGANIZATION_RESOURCE_ACTIONS.EDIT_ROLE
+  | ORGANIZATION_RESOURCE_ACTIONS.USER_ARCHIVE
+  | ORGANIZATION_RESOURCE_ACTIONS.USER_INVITE
+  | ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS
+  | ORGANIZATION_RESOURCE_ACTIONS.UPDATE
+  | ORGANIZATION_RESOURCE_ACTIONS.UPDATE_USERS
+  | ORGANIZATION_RESOURCE_ACTIONS.VIEW_ALL_USERS;
 
 type Subjects = InferSubjects<typeof OrganizationUser | typeof User> | 'all';
 
@@ -19,20 +20,22 @@ export type AppAbility = Ability<[Actions, Subjects]>;
 
 @Injectable()
 export class CaslAbilityFactory {
-  constructor(private usersService: UsersService) {}
+  constructor(private abilityService: AbilityService) {}
 
   async organizationUserActions(user: User, params: any) {
     const { can, build } = new AbilityBuilder<Ability<[Actions, Subjects]>>(Ability as AbilityClass<AppAbility>);
-
-    const isAdmin = await this.usersService.hasGroup(user, 'admin');
-    if (isAdmin) {
-      can('inviteUser', User);
-      can('archiveUser', User);
-      can('changeRole', User);
-      can('accessGroupPermission', User);
-      can('updateOrganizations', User);
-      can('viewAllUsers', User);
-      can('updateUser', User);
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      organizationId: user.organizationId,
+    });
+    const adminPermission = userPermission.isAdmin;
+    if (adminPermission) {
+      can(ORGANIZATION_RESOURCE_ACTIONS.USER_INVITE, User);
+      can(ORGANIZATION_RESOURCE_ACTIONS.USER_ARCHIVE, User);
+      can(ORGANIZATION_RESOURCE_ACTIONS.EDIT_ROLE, User);
+      can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, User);
+      can(ORGANIZATION_RESOURCE_ACTIONS.UPDATE, User);
+      can(ORGANIZATION_RESOURCE_ACTIONS.VIEW_ALL_USERS, User);
+      can(ORGANIZATION_RESOURCE_ACTIONS.UPDATE_USERS, User);
     }
 
     return build({
diff --git a/server/src/modules/casl/casl.module.ts b/server/src/modules/casl/casl.module.ts
index 7086f9037d..d14dd843f2 100644
--- a/server/src/modules/casl/casl.module.ts
+++ b/server/src/modules/casl/casl.module.ts
@@ -1,33 +1,19 @@
 import { Module } from '@nestjs/common';
-import { TypeOrmModule } from '@nestjs/typeorm';
-import { EmailService } from '@services/email.service';
-import { OrganizationUsersService } from '@services/organization_users.service';
-import { UsersService } from '@services/users.service';
-import { App } from 'src/entities/app.entity';
-import { File } from 'src/entities/file.entity';
-import { Organization } from 'src/entities/organization.entity';
-import { OrganizationUser } from 'src/entities/organization_user.entity';
-import { User } from 'src/entities/user.entity';
 import { AppsAbilityFactory } from './abilities/apps-ability.factory';
 import { ThreadsAbilityFactory } from './abilities/threads-ability.factory';
 import { CommentsAbilityFactory } from './abilities/comments-ability.factory';
 import { PluginsAbilityFactory } from './abilities/plugins-ability.factory';
 import { CaslAbilityFactory } from './casl-ability.factory';
 import { FoldersAbilityFactory } from './abilities/folders-ability.factory';
-import { FilesService } from '@services/files.service';
 import { OrgEnvironmentVariablesAbilityFactory } from './abilities/org-environment-variables-ability.factory';
 import { TooljetDbAbilityFactory } from './abilities/tooljet-db-ability.factory';
 import { GlobalDataSourceAbilityFactory } from './abilities/global-datasource-ability.factory';
 import { OrganizationConstantsAbilityFactory } from './abilities/organization-constants-ability.factory';
 
 @Module({
-  imports: [TypeOrmModule.forFeature([User, File, Organization, OrganizationUser, App])],
+  imports: [],
   providers: [
     CaslAbilityFactory,
-    OrganizationUsersService,
-    FilesService,
-    UsersService,
-    EmailService,
     AppsAbilityFactory,
     ThreadsAbilityFactory,
     CommentsAbilityFactory,
diff --git a/server/src/modules/data_queries/data_queries.module.ts b/server/src/modules/data_queries/data_queries.module.ts
index 8e11e544e6..792ba90305 100644
--- a/server/src/modules/data_queries/data_queries.module.ts
+++ b/server/src/modules/data_queries/data_queries.module.ts
@@ -15,8 +15,6 @@ import { App } from 'src/entities/app.entity';
 import { AppVersion } from 'src/entities/app_version.entity';
 import { AppUser } from 'src/entities/app_user.entity';
 import { FolderApp } from 'src/entities/folder_app.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
 import { UsersService } from '@services/users.service';
 import { User } from 'src/entities/user.entity';
 import { OrganizationUser } from 'src/entities/organization_user.entity';
@@ -28,9 +26,11 @@ import { PluginsHelper } from 'src/helpers/plugins.helper';
 import { OrgEnvironmentVariable } from 'src/entities/org_envirnoment_variable.entity';
 import { AppEnvironmentService } from '@services/app_environments.service';
 import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
   imports: [
+    UserResourcePermissionsModule,
     TypeOrmModule.forFeature([
       App,
       File,
@@ -41,8 +41,6 @@ import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
       Credential,
       DataSource,
       FolderApp,
-      GroupPermission,
-      AppGroupPermission,
       User,
       OrganizationUser,
       Organization,
diff --git a/server/src/modules/data_sources/data_sources.module.ts b/server/src/modules/data_sources/data_sources.module.ts
index 63c3846a11..e20c716663 100644
--- a/server/src/modules/data_sources/data_sources.module.ts
+++ b/server/src/modules/data_sources/data_sources.module.ts
@@ -16,8 +16,6 @@ import { CaslModule } from '../casl/casl.module';
 import { DataQueriesService } from '@services/data_queries.service';
 import { DataQuery } from 'src/entities/data_query.entity';
 import { FolderApp } from 'src/entities/folder_app.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
 import { UsersService } from '@services/users.service';
 import { User } from 'src/entities/user.entity';
 import { OrganizationUser } from 'src/entities/organization_user.entity';
@@ -30,9 +28,11 @@ import { Plugin } from 'src/entities/plugin.entity';
 import { OrgEnvironmentVariable } from 'src/entities/org_envirnoment_variable.entity';
 import { AppEnvironmentService } from '@services/app_environments.service';
 import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
   imports: [
+    UserResourcePermissionsModule,
     TypeOrmModule.forFeature([
       DataSource,
       DataQuery,
@@ -44,8 +44,6 @@ import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
       AppVersion,
       AppUser,
       FolderApp,
-      GroupPermission,
-      AppGroupPermission,
       User,
       OrganizationUser,
       Organization,
diff --git a/server/src/modules/folders/folders.module.ts b/server/src/modules/folders/folders.module.ts
index 9c911d38e4..40ff35ef6e 100644
--- a/server/src/modules/folders/folders.module.ts
+++ b/server/src/modules/folders/folders.module.ts
@@ -12,10 +12,15 @@ import { User } from 'src/entities/user.entity';
 import { OrganizationUser } from 'src/entities/organization_user.entity';
 import { Organization } from 'src/entities/organization.entity';
 import { CaslModule } from '../casl/casl.module';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
   controllers: [FoldersController],
-  imports: [TypeOrmModule.forFeature([App, File, Folder, FolderApp, User, OrganizationUser, Organization]), CaslModule],
+  imports: [
+    UserResourcePermissionsModule,
+    TypeOrmModule.forFeature([App, File, Folder, FolderApp, User, OrganizationUser, Organization]),
+    CaslModule,
+  ],
   providers: [FilesService, FoldersService, UsersService],
 })
 export class FoldersModule {}
diff --git a/server/src/modules/group_permissions/group_permissions.module.ts b/server/src/modules/group_permissions/group_permissions.module.ts
deleted file mode 100644
index fc82d9293c..0000000000
--- a/server/src/modules/group_permissions/group_permissions.module.ts
+++ /dev/null
@@ -1,34 +0,0 @@
-import { Module } from '@nestjs/common';
-import { TypeOrmModule } from '@nestjs/typeorm';
-import { GroupPermission } from '../../../src/entities/group_permission.entity';
-import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
-import { GroupPermissionsController } from '../../controllers/group_permissions.controller';
-import { GroupPermissionsService } from '../../services/group_permissions.service';
-import { CaslModule } from '../casl/casl.module';
-import { UsersService } from '@services/users.service';
-import { User } from 'src/entities/user.entity';
-import { OrganizationUser } from 'src/entities/organization_user.entity';
-import { Organization } from 'src/entities/organization.entity';
-import { App } from 'src/entities/app.entity';
-import { File } from 'src/entities/file.entity';
-import { FilesService } from '@services/files.service';
-
-@Module({
-  controllers: [GroupPermissionsController],
-  imports: [
-    TypeOrmModule.forFeature([
-      GroupPermission,
-      UserGroupPermission,
-      AppGroupPermission,
-      User,
-      OrganizationUser,
-      Organization,
-      App,
-      File,
-    ]),
-    CaslModule,
-  ],
-  providers: [GroupPermissionsService, FilesService, UsersService],
-})
-export class GroupPermissionsModule {}
diff --git a/server/src/modules/org_environment_variables/org_environment_variables.module.ts b/server/src/modules/org_environment_variables/org_environment_variables.module.ts
index 648cda25ef..c11bc79925 100644
--- a/server/src/modules/org_environment_variables/org_environment_variables.module.ts
+++ b/server/src/modules/org_environment_variables/org_environment_variables.module.ts
@@ -19,8 +19,6 @@ import { AppUser } from 'src/entities/app_user.entity';
 import { DataSource } from 'src/entities/data_source.entity';
 import { DataQuery } from 'src/entities/data_query.entity';
 import { FolderApp } from 'src/entities/folder_app.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
 import { AppVersion } from 'src/entities/app_version.entity';
 import { AppImportExportService } from '@services/app_import_export.service';
 import { DataSourcesService } from '@services/data_sources.service';
@@ -29,10 +27,12 @@ import { Credential } from 'src/entities/credential.entity';
 import { PluginsHelper } from 'src/helpers/plugins.helper';
 import { AppEnvironmentService } from '@services/app_environments.service';
 import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
   controllers: [OrgEnvironmentVariablesController],
   imports: [
+    UserResourcePermissionsModule,
     TypeOrmModule.forFeature([
       App,
       OrgEnvironmentVariable,
@@ -46,8 +46,6 @@ import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
       DataSource,
       DataQuery,
       FolderApp,
-      GroupPermission,
-      AppGroupPermission,
       Credential,
     ]),
     CaslModule,
diff --git a/server/src/modules/organization_constants/organization_constants.module.ts b/server/src/modules/organization_constants/organization_constants.module.ts
index 140d377950..7e15a15ea8 100644
--- a/server/src/modules/organization_constants/organization_constants.module.ts
+++ b/server/src/modules/organization_constants/organization_constants.module.ts
@@ -23,8 +23,6 @@ import { AppUser } from 'src/entities/app_user.entity';
 import { DataSource } from 'src/entities/data_source.entity';
 import { DataQuery } from 'src/entities/data_query.entity';
 import { FolderApp } from 'src/entities/folder_app.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
 import { AppVersion } from 'src/entities/app_version.entity';
 import { AppImportExportService } from '@services/app_import_export.service';
 import { DataSourcesService } from '@services/data_sources.service';
@@ -33,10 +31,12 @@ import { Credential } from 'src/entities/credential.entity';
 import { PluginsHelper } from 'src/helpers/plugins.helper';
 import { AppEnvironmentService } from '@services/app_environments.service';
 import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
   controllers: [OrganizationConstantController],
   imports: [
+    UserResourcePermissionsModule,
     TypeOrmModule.forFeature([
       App,
       OrganizationConstant,
@@ -50,8 +50,6 @@ import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
       DataSource,
       DataQuery,
       FolderApp,
-      GroupPermission,
-      AppGroupPermission,
       Credential,
     ]),
     CaslModule,
diff --git a/server/src/modules/organizations/constant/constants.ts b/server/src/modules/organizations/constant/constants.ts
new file mode 100644
index 0000000000..7e18203722
--- /dev/null
+++ b/server/src/modules/organizations/constant/constants.ts
@@ -0,0 +1,7 @@
+export const ERROR_HANDLER = {
+  DUPLICATE_EMAIL_PRESENT: 'Duplicate email found. Please provide a unique email address.',
+};
+
+export const ERROR_HANDLER_TITLE = {
+  DUPLICATE_EMAIL_PRESENT: 'Duplicate email',
+};
diff --git a/server/src/modules/organizations/organizations.module.ts b/server/src/modules/organizations/organizations.module.ts
index d9b20b5fcc..9b7d324207 100644
--- a/server/src/modules/organizations/organizations.module.ts
+++ b/server/src/modules/organizations/organizations.module.ts
@@ -11,16 +11,12 @@ import { UsersService } from 'src/services/users.service';
 import { CaslModule } from '../casl/casl.module';
 import { EmailService } from '@services/email.service';
 import { FilesService } from '@services/files.service';
-import { GroupPermission } from 'src/entities/group_permission.entity';
 import { App } from 'src/entities/app.entity';
 import { File } from 'src/entities/file.entity';
 import { SSOConfigs } from 'src/entities/sso_config.entity';
 import { AuthService } from '@services/auth.service';
 import { JwtModule } from '@nestjs/jwt';
 import { ConfigService } from '@nestjs/config';
-import { GroupPermissionsService } from '@services/group_permissions.service';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
-import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
 import { EncryptionService } from '@services/encryption.service';
 import { AppConfigService } from '@services/app_config.service';
 import { Plugin } from 'src/entities/plugin.entity';
@@ -36,6 +32,7 @@ import { Metadata } from 'src/entities/metadata.entity';
 import { MetadataService } from '@services/metadata.service';
 import { SessionService } from '@services/session.service';
 import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
   imports: [
@@ -44,11 +41,8 @@ import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
       OrganizationUser,
       User,
       File,
-      GroupPermission,
       App,
       SSOConfigs,
-      AppGroupPermission,
-      UserGroupPermission,
       DataSource,
       Credential,
       Plugin,
@@ -66,6 +60,7 @@ import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
       inject: [ConfigService],
     }),
     TooljetDbModule,
+    UserResourcePermissionsModule,
   ],
   providers: [
     OrganizationsService,
@@ -75,7 +70,6 @@ import { TooljetDbModule } from '../tooljet_db/tooljet_db.module';
     EmailService,
     FilesService,
     AuthService,
-    GroupPermissionsService,
     EncryptionService,
     DataSourcesService,
     CredentialsService,
diff --git a/server/src/modules/permissions/constants/permissions-ability.constant.ts b/server/src/modules/permissions/constants/permissions-ability.constant.ts
new file mode 100644
index 0000000000..f29c11b580
--- /dev/null
+++ b/server/src/modules/permissions/constants/permissions-ability.constant.ts
@@ -0,0 +1,33 @@
+import { TOOLJET_RESOURCE } from 'src/constants/global.constant';
+import { ResourceType } from '../../user_resource_permissions/constants/granular-permissions.constant';
+import { UserAppsPermissions, UserPermissions } from '@module/permissions/interface/permissions-ability.interface';
+
+export const PERMISSION_RESOURCE_MAPPING = {
+  [TOOLJET_RESOURCE.APP]: ResourceType.APP,
+} as Record<TOOLJET_RESOURCE, ResourceType>;
+
+export const DEFAULT_USER_PERMISSIONS: UserPermissions = {
+  isAdmin: false,
+  appCreate: false,
+  appDelete: false,
+  folderCRUD: false,
+  orgConstantCRUD: false,
+  orgVariableCRUD: false,
+  [TOOLJET_RESOURCE.APP]: {
+    editableAppsId: [],
+    isAllEditable: false,
+    viewableAppsId: [],
+    isAllViewable: false,
+    hiddenAppsId: [],
+    hideAll: false,
+  },
+};
+
+export const DEFAULT_USER_APPS_PERMISSIONS: UserAppsPermissions = {
+  editableAppsId: [],
+  isAllEditable: false,
+  viewableAppsId: [],
+  isAllViewable: false,
+  hiddenAppsId: [],
+  hideAll: false,
+};
diff --git a/server/src/modules/permissions/interface/permissions-ability.interface.ts b/server/src/modules/permissions/interface/permissions-ability.interface.ts
new file mode 100644
index 0000000000..b00b792347
--- /dev/null
+++ b/server/src/modules/permissions/interface/permissions-ability.interface.ts
@@ -0,0 +1,48 @@
+import {
+  APP_RESOURCE_ACTIONS,
+  DATA_QUERIES_RESOURCE_ACTIONS,
+  ORGANIZATION_CONSTANT_RESOURCE_ACTIONS,
+  ORGANIZATION_RESOURCE_ACTIONS,
+  TOOLJET_RESOURCE,
+} from 'src/constants/global.constant';
+
+export interface ResourcePermissionQueryObject {
+  resources?: ResourcesItem[];
+  organizationId: string;
+}
+
+export interface ResourcesItem {
+  resource: TOOLJET_RESOURCE;
+  resourceId?: string;
+}
+
+export interface ActionItem {
+  action: ResourceAction;
+  resource: TOOLJET_RESOURCE;
+}
+
+export interface UserPermissions {
+  isAdmin: boolean;
+  appCreate: boolean;
+  appDelete: boolean;
+  folderCRUD: boolean;
+  orgConstantCRUD: boolean;
+  orgVariableCRUD: boolean;
+  [TOOLJET_RESOURCE.APP]?: UserAppsPermissions;
+}
+
+export interface UserAppsPermissions {
+  editableAppsId: string[];
+  isAllEditable: boolean;
+  viewableAppsId: string[];
+  isAllViewable: boolean;
+  hiddenAppsId: string[];
+  hideAll: boolean;
+}
+
+export type ResourceAction =
+  | APP_RESOURCE_ACTIONS
+  | DATA_QUERIES_RESOURCE_ACTIONS
+  | DATA_QUERIES_RESOURCE_ACTIONS
+  | ORGANIZATION_RESOURCE_ACTIONS
+  | ORGANIZATION_CONSTANT_RESOURCE_ACTIONS;
diff --git a/server/src/modules/permissions/permissions.module.ts b/server/src/modules/permissions/permissions.module.ts
new file mode 100644
index 0000000000..a3c56fdde8
--- /dev/null
+++ b/server/src/modules/permissions/permissions.module.ts
@@ -0,0 +1,9 @@
+import { Global, Module } from '@nestjs/common';
+import { AbilityService } from '@services/permissions-ability.service';
+
+@Global()
+@Module({
+  providers: [AbilityService],
+  exports: [AbilityService],
+})
+export class PermissionsModule {}
diff --git a/server/src/modules/permissions/utility/permission-ability.utility.ts b/server/src/modules/permissions/utility/permission-ability.utility.ts
new file mode 100644
index 0000000000..8af83d1159
--- /dev/null
+++ b/server/src/modules/permissions/utility/permission-ability.utility.ts
@@ -0,0 +1,73 @@
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import { Brackets, EntityManager, SelectQueryBuilder } from 'typeorm';
+import { ResourcePermissionQueryObject, ResourcesItem } from '../interface/permissions-ability.interface';
+import { TOOLJET_RESOURCE } from 'src/constants/global.constant';
+import { PERMISSION_RESOURCE_MAPPING } from '../constants/permissions-ability.constant';
+
+export function getUserPermissionsQuery(
+  userId: string,
+  resourcePermissionObject: ResourcePermissionQueryObject,
+  manager: EntityManager
+): SelectQueryBuilder<GroupPermissions> {
+  const { organizationId, resources } = resourcePermissionObject;
+  const query = manager
+    .createQueryBuilder(GroupPermissions, 'groupPermissions')
+    .innerJoin('groupPermissions.groupUsers', 'groupUsers', 'groupUsers.userId = :userId', {
+      userId,
+    })
+    .where('groupPermissions.organizationId = :organizationId', {
+      organizationId,
+    });
+
+  if (resources?.length) {
+    const resourceTypes = Array.from(new Set(resources.map((item) => item.resource)));
+    const orConditions = Array.from(resourceTypes)
+      .map((resource, index) => `granularPermissions.type = :type${index}`)
+      .join(' OR ');
+    const parameters = resourceTypes.reduce((params, resource, index) => {
+      params[`type${index}`] = PERMISSION_RESOURCE_MAPPING[resource];
+      return params;
+    }, {});
+    query
+      .leftJoin('groupPermissions.groupGranularPermissions', 'granularPermissions')
+      .andWhere(orConditions, parameters)
+      .addSelect(['granularPermissions.isAll', 'granularPermissions.type']);
+  }
+
+  if (resources?.length) {
+    const appsResourcesList = resources.filter((item) => item.resource === TOOLJET_RESOURCE.APP);
+    if (appsResourcesList?.length) {
+      addAppsPermissionsTOQuery(query, appsResourcesList);
+    }
+  }
+
+  return query;
+}
+
+function addAppsPermissionsTOQuery(query: SelectQueryBuilder<GroupPermissions>, appsList?: ResourcesItem[]) {
+  query
+    .leftJoin('granularPermissions.appsGroupPermissions', 'appsGroupPermissions')
+    .leftJoin('appsGroupPermissions.groupApps', 'groupApps')
+    .addSelect([
+      'groupApps.appId',
+      'appsGroupPermissions.canEdit',
+      'appsGroupPermissions.canView',
+      'appsGroupPermissions.hideFromDashboard',
+    ]);
+
+  const appsIdList = Array.from(new Set(appsList?.filter((item) => item?.resourceId).map((item) => item.resourceId)));
+
+  if (appsIdList?.length) {
+    query.andWhere(
+      new Brackets((qb) => {
+        appsIdList.forEach((appId, index) => {
+          if (index === 0) {
+            qb.where('groupApps.appId = :appId', { appId }).orWhere('granularPermissions.isAll = true');
+          } else {
+            qb.orWhere('groupApps.appId = :appId', { appId });
+          }
+        });
+      })
+    );
+  }
+}
diff --git a/server/src/modules/seeds/seeds.module.ts b/server/src/modules/seeds/seeds.module.ts
index ce35a59567..541816f02f 100644
--- a/server/src/modules/seeds/seeds.module.ts
+++ b/server/src/modules/seeds/seeds.module.ts
@@ -1,7 +1,9 @@
 import { Module } from '@nestjs/common';
 import { SeedsService } from '../../services/seeds.service';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
+  imports: [UserResourcePermissionsModule],
   providers: [SeedsService],
   exports: [SeedsService],
 })
diff --git a/server/src/modules/user_resource_permissions/constants/granular-permissions.constant.ts b/server/src/modules/user_resource_permissions/constants/granular-permissions.constant.ts
new file mode 100644
index 0000000000..71131f64a3
--- /dev/null
+++ b/server/src/modules/user_resource_permissions/constants/granular-permissions.constant.ts
@@ -0,0 +1,45 @@
+import { CreateResourcePermissionObject } from '../interface/granular-permissions.interface';
+import { USER_ROLE } from './group-permissions.constant';
+
+export enum ResourceType {
+  APP = 'app',
+  DATA_SOURCE = 'data_source',
+}
+
+export const DEFAULT_GRANULAR_PERMISSIONS_NAME = {
+  [ResourceType.APP]: 'Apps',
+  [ResourceType.DATA_SOURCE]: 'Data sources',
+};
+
+export const DEFAULT_RESOURCE_PERMISSIONS = {
+  [USER_ROLE.ADMIN]: {
+    [ResourceType.APP]: {
+      canEdit: true,
+      canView: false,
+      hideFromDashboard: false,
+    },
+  },
+  [USER_ROLE.END_USER]: {
+    [ResourceType.APP]: {
+      canEdit: false,
+      canView: true,
+      hideFromDashboard: false,
+    },
+  },
+  [USER_ROLE.BUILDER]: {
+    [ResourceType.APP]: {
+      canEdit: true,
+      canView: false,
+      hideFromDashboard: false,
+    },
+  },
+} as Record<USER_ROLE, Record<ResourceType, CreateResourcePermissionObject>>;
+
+export const ERROR_HANDLER = {
+  ADMIN_DEFAULT_GROUP_GRANULAR_PERMISSIONS: 'Cannot create granular permissions of admin group',
+  EDITOR_LEVEL_PERMISSIONS_NOT_ALLOWED:
+    'End-users can only be granted permission to view apps. If you wish to add this permission, kindly change the following users role from end-user to builder',
+  EDITOR_LEVEL_PERMISSION_NOT_ALLOWED_END_USER: 'Cannot assign builder level permission to end users',
+  UPDATE_EDITABLE_PERMISSION_END_USER_GROUP:
+    'End-users can only be granted permission to view apps. If you wish to add this permission, kindly change the following users role from end-user to builder- ',
+};
diff --git a/server/src/modules/user_resource_permissions/constants/group-permissions.constant.ts b/server/src/modules/user_resource_permissions/constants/group-permissions.constant.ts
new file mode 100644
index 0000000000..ed49016164
--- /dev/null
+++ b/server/src/modules/user_resource_permissions/constants/group-permissions.constant.ts
@@ -0,0 +1,127 @@
+import { DataBaseConstraints } from '@helpers/db_constraints.constants';
+import { CreateDefaultGroupObject } from '../interface/group-permissions.interface';
+
+// enum table -  group_permission_type
+export enum GROUP_PERMISSIONS_TYPE {
+  DEFAULT = 'default',
+  CUSTOM_GROUP = 'custom',
+}
+
+export enum USER_ROLE {
+  END_USER = 'end-user',
+  ADMIN = 'admin',
+  BUILDER = 'builder',
+}
+
+export const DATA_BASE_CONSTRAINTS = {
+  GROUP_NAME_UNIQUE: {
+    dbConstraint: DataBaseConstraints.GROUP_NAME_UNIQUE,
+    message: 'Group name should be unique in workspace',
+  },
+  GROUP_USER_UNIQUE: {
+    dbConstraint: DataBaseConstraints.GROUP_USER_UNIQUE,
+    message: 'User already present in the group',
+  },
+  GRANULAR_PERMISSIONS_NAME_UNIQUE: {
+    dbConstraint: DataBaseConstraints.GRANULAR_PERMISSIONS_NAME_UNIQUE,
+    message: 'Granular permission name should be unique',
+  },
+};
+
+export const DEFAULT_GROUP_PERMISSIONS = {
+  ADMIN: {
+    name: USER_ROLE.ADMIN,
+    type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+    appCreate: true,
+    appDelete: true,
+    folderCRUD: true,
+    orgConstantCRUD: true,
+    dataSourceCreate: true,
+    dataSourceDelete: true,
+    isBuilderLevel: true,
+  },
+  BUILDER: {
+    name: USER_ROLE.BUILDER,
+    type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+    appCreate: true,
+    appDelete: true,
+    folderCRUD: true,
+    orgConstantCRUD: true,
+    dataSourceCreate: true,
+    dataSourceDelete: true,
+    isBuilderLevel: true,
+  },
+  END_USER: {
+    name: USER_ROLE.END_USER,
+    type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+    appCreate: false,
+    appDelete: false,
+    folderCRUD: false,
+    orgConstantCRUD: false,
+    dataSourceCreate: false,
+    dataSourceDelete: false,
+    isBuilderLevel: false,
+  },
+} as Record<string, CreateDefaultGroupObject>;
+
+export const DEFAULT_GROUP_PERMISSIONS_MIGRATIONS = {
+  ADMIN: {
+    name: USER_ROLE.ADMIN,
+    type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+    appCreate: true,
+    appDelete: true,
+    folderCRUD: true,
+    orgConstantCRUD: true,
+    dataSourceCreate: true,
+    dataSourceDelete: true,
+    isBuilderLevel: true,
+  },
+  BUILDER: {
+    name: USER_ROLE.BUILDER,
+    type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+    appCreate: false,
+    appDelete: false,
+    folderCRUD: false,
+    orgConstantCRUD: false,
+    dataSourceCreate: false,
+    dataSourceDelete: false,
+    isBuilderLevel: false,
+  },
+  END_USER: {
+    name: USER_ROLE.END_USER,
+    type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+    appCreate: false,
+    appDelete: false,
+    folderCRUD: false,
+    orgConstantCRUD: false,
+    dataSourceCreate: false,
+    dataSourceDelete: false,
+    isBuilderLevel: false,
+  },
+} as Record<string, CreateDefaultGroupObject>;
+
+export const ERROR_HANDLER = {
+  GROUP_NOT_EXIST: "Group doesn't exist",
+  DEFAULT_GROUP_NAME: 'Name cannot be same as user default group',
+  DEFAULT_GROUP_NAME_UPDATE: 'Not allowed to change default group name',
+  DEFAULT_GROUP_NAME_DELETE: 'Not allowed to delete default group',
+  NON_EDITABLE_GROUP_UPDATE: 'Group cannot be update because its not allowed',
+  NON_BUILDER_PERMISSION_UPDATE: 'End user cannot have this builder level permissions',
+  DEFAULT_GROUP_UPDATE_NOT_ALLOWED: 'Defaults group cant be deleted',
+  UPDATE_EDITABLE_PERMISSION_END_USER_GROUP:
+    'End-users can only be granted permission to view apps. If you wish to add this permission, kindly change the following users role from end-user to builder- ',
+  GROUP_USERS_EDITABLE_GROUP_ADDITION: (userEmail) => {
+    return `The user ${userEmail} is an end-user and can only be granted permission to view apps. Kindly change their user role to be able to add them.`;
+  },
+  ADD_GROUP_USER_NON_EXISTING_USER: 'User is not present in this organization',
+  DEFAULT_GROUP_ADD_USER_ROLE_EXIST: (role: USER_ROLE) => {
+    return `User is already ${role}`;
+  },
+  USER_IS_OWNER_OF_APPS: (userEmail) => {
+    return `The user- ${userEmail} cannot be an end-user because they are the owner of the following application(s)- `;
+  },
+  ADD_GROUP_USER_DEFAULT_GROUP: 'Adding user to default group is not allowed',
+  DELETING_DEFAULT_GROUP_USER: 'Deleting default user from default group is not allowed',
+  EDITING_LAST_ADMIN_ROLE_NOT_ALLOWED:
+    'Cannot change role of last present admin, please add another admin and change the role',
+};
diff --git a/server/src/modules/user_resource_permissions/interface/granular-permissions.interface.ts b/server/src/modules/user_resource_permissions/interface/granular-permissions.interface.ts
new file mode 100644
index 0000000000..8d5db13422
--- /dev/null
+++ b/server/src/modules/user_resource_permissions/interface/granular-permissions.interface.ts
@@ -0,0 +1,67 @@
+import { AppsGroupPermissions } from 'src/entities/apps_group_permissions.entity';
+import { SearchParamItem } from '@helpers/db-utility/db-utility.interface';
+import { CreateGranularPermissionDto, UpdateGranularPermissionDto } from '@dto/granular-permissions.dto';
+import { GranularPermissions } from 'src/entities/granular_permissions.entity';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+
+export interface AppsPermissionDeleteResourceItem {
+  id: string;
+}
+
+export interface AppsPermissionAddResourceItem {
+  appId: string;
+}
+
+export interface AppsGroupPermissionsActions {
+  canEdit: boolean;
+  canView: boolean;
+  hideFromDashboard: boolean;
+}
+
+export type ResourceGroupActions = AppsGroupPermissionsActions;
+
+export interface UpdateGranularPermissionObject {
+  group?: GroupPermissions;
+  organizationId: string;
+  updateGranularPermissionDto: UpdateGranularPermissionDto;
+}
+
+export type GranularPermissionAddResourceItems = AppsPermissionAddResourceItem[];
+export type GranularPermissionDeleteResourceItems = AppsPermissionDeleteResourceItem[];
+
+export interface UpdateResourceGroupPermissionsObject {
+  group: GroupPermissions;
+  granularPermissions: GranularPermissions;
+  actions: ResourceGroupActions;
+  resourcesToAdd: GranularPermissionAddResourceItems;
+  resourcesToDelete: GranularPermissionDeleteResourceItems;
+  allowRoleChange?: boolean;
+}
+
+export interface GranularPermissionQuerySearchParam {
+  [key: string]: SearchParamItem | boolean | string | number;
+  name?: SearchParamItem;
+  type?: string;
+  groupId?: string;
+}
+
+export interface CreateAppsPermissionsObject {
+  canEdit?: boolean;
+  canView?: boolean;
+  hideFromDashboard?: boolean;
+  resourcesToAdd?: GranularPermissionAddResourceItems;
+}
+
+export interface CreateGranularPermissionObject {
+  createGranularPermissionDto: CreateGranularPermissionDto;
+  organizationId: string;
+}
+
+export interface ResourcePermissionMetaData {
+  granularPermissions: GranularPermissions;
+  organizationId: string;
+}
+
+export type CreateResourcePermissionObject = CreateAppsPermissionsObject;
+
+export type GranularResourcePermissions = AppsGroupPermissions;
diff --git a/server/src/modules/user_resource_permissions/interface/group-permissions.interface.ts b/server/src/modules/user_resource_permissions/interface/group-permissions.interface.ts
new file mode 100644
index 0000000000..827fd8d838
--- /dev/null
+++ b/server/src/modules/user_resource_permissions/interface/group-permissions.interface.ts
@@ -0,0 +1,43 @@
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import { GROUP_PERMISSIONS_TYPE, USER_ROLE } from '../constants/group-permissions.constant';
+import { SearchParamItem } from '@helpers/db-utility/db-utility.interface';
+
+export interface CreateDefaultGroupObject {
+  type: GROUP_PERMISSIONS_TYPE;
+  name: string;
+  appCreate: boolean;
+  appDelete: boolean;
+  folderCRUD: boolean;
+  orgConstantCRUD: boolean;
+  dataSourceCreate: boolean;
+  dataSourceDelete: boolean;
+}
+
+export interface ValidateEditUserGroupAdditionObject {
+  userId: string;
+  groupsToAddIds: string[];
+  organizationId: string;
+}
+
+export interface GetGroupUsersObject {
+  groupId: string;
+  organizationId: string;
+}
+
+export interface GroupQuerySearchParamObject {
+  [key: string]: SearchParamItem | boolean | string | number;
+  name?: SearchParamItem;
+  type?: string;
+  editable?: boolean;
+  onlyBuilder?: boolean;
+}
+
+export interface AddUserRoleObject {
+  role: USER_ROLE;
+  userId: string;
+}
+
+export interface GetUsersResponse {
+  groupPermissions: GroupPermissions[];
+  length: number;
+}
diff --git a/server/src/modules/user_resource_permissions/services/group-permissions.utility.service.ts b/server/src/modules/user_resource_permissions/services/group-permissions.utility.service.ts
new file mode 100644
index 0000000000..ca9a8076ae
--- /dev/null
+++ b/server/src/modules/user_resource_permissions/services/group-permissions.utility.service.ts
@@ -0,0 +1,228 @@
+import { BadRequestException, Injectable } from '@nestjs/common';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import { User } from 'src/entities/user.entity';
+import {
+  GROUP_PERMISSIONS_TYPE,
+  USER_ROLE,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
+import {
+  addableUsersToGroupQuery,
+  getRoleUsersListQuery,
+  getUserRoleQuery,
+} from '@module/user_resource_permissions/utility/group-permissions.utility';
+import { EntityManager } from 'typeorm';
+import { dbTransactionWrap, getMaxCopyNumber } from '@helpers/utils.helper';
+import { App } from 'src/entities/app.entity';
+import { getAllGranularPermissionQuery } from '../utility/granular-permissios.utility';
+import { ResourceType } from '../constants/granular-permissions.constant';
+import { ValidateEditUserGroupAdditionObject } from '../interface/group-permissions.interface';
+import { instanceToPlain } from 'class-transformer';
+import { GranularPermissions } from 'src/entities/granular_permissions.entity';
+import { AppsGroupPermissions } from 'src/entities/apps_group_permissions.entity';
+import { GroupApps } from 'src/entities/group_apps.entity';
+
+@Injectable()
+export class GroupPermissionsUtilityService {
+  constructor() {}
+
+  async getRoleUsersList(
+    role: USER_ROLE,
+    organizationId: string,
+    groupPermissionId?: string,
+    manager?: EntityManager
+  ): Promise<User[]> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const query = getRoleUsersListQuery(role, organizationId, manager, groupPermissionId);
+      return await query.getMany();
+    }, manager);
+  }
+  async getRoleGroup(role: USER_ROLE, organizationId: string, manager?: EntityManager): Promise<GroupPermissions> {
+    return await dbTransactionWrap(async (manager) => {
+      return await manager.findOne(GroupPermissions, {
+        where: { name: role, organizationId, type: GROUP_PERMISSIONS_TYPE.DEFAULT },
+      });
+    }, manager);
+  }
+
+  async getUserRole(userId: string, organizationId: string, manager?: EntityManager): Promise<GroupPermissions> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await getUserRoleQuery(userId, organizationId, manager).getOne();
+    }, manager);
+  }
+
+  async getAddableUser(user: User, groupId: string, searchInput?: string, manager?: EntityManager) {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await addableUsersToGroupQuery(groupId, user.organizationId, manager, searchInput).getMany();
+    }, manager);
+  }
+
+  async getAddableApps(user: User, manager?: EntityManager) {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const apps = await manager.find(App, {
+        where: {
+          organizationId: user.organizationId,
+        },
+      });
+      return apps.map((app) => {
+        return {
+          name: app.name,
+          id: app.id,
+        };
+      });
+    }, manager);
+  }
+
+  async checkIfBuilderLevelResourcesPermissions(groupId: string, manager?: EntityManager): Promise<boolean> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const allPermission = await getAllGranularPermissionQuery({ groupId }, manager).getMany();
+      if (!allPermission) return false;
+      const isBuilderLevelAppsPermission = allPermission
+        .filter((permissions) => permissions.type === ResourceType.APP)
+        .some((permissions) => {
+          const appPermission = permissions.appsGroupPermissions;
+          return appPermission.canEdit === true;
+        });
+      //Add for other permissions here
+      return isBuilderLevelAppsPermission;
+    }, manager);
+  }
+
+  async isEditableGroup(group: GroupPermissions, manager?: EntityManager): Promise<boolean> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const editPermissionsPresent =
+        Object.values(group).some((value) => typeof value === 'boolean' && value === true) ||
+        (await this.checkIfBuilderLevelResourcesPermissions(group.id, manager));
+      return editPermissionsPresent;
+    }, manager);
+  }
+
+  async validateEditUserGroupPermissionsAddition(
+    functionParam: ValidateEditUserGroupAdditionObject,
+    manager?: EntityManager
+  ) {
+    const { organizationId, userId, groupsToAddIds } = functionParam;
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const userRole = await this.getUserRole(userId, organizationId, manager);
+      console.log('this is running');
+
+      if (userRole.name === USER_ROLE.END_USER) {
+        return await Promise.all(
+          groupsToAddIds.map(async (id) => {
+            const group = await manager.findOne(GroupPermissions, id);
+            const isEditableGroup = await this.isEditableGroup(group, manager);
+            console.log(isEditableGroup);
+
+            if (isEditableGroup) {
+              throw new BadRequestException({
+                message: {
+                  error:
+                    'End-users can only be granted permission to view apps. Kindly change the user role or custom group to continue.',
+                  title: 'Conflicting Permissions',
+                },
+              });
+            }
+          })
+        );
+      }
+    }, manager);
+  }
+
+  async getDuplicateGroupName(groupToDuplicate: GroupPermissions, manager: EntityManager): Promise<string> {
+    const existNameList = await manager
+      .createQueryBuilder()
+      .select(['groupPermissions.name', 'groupPermissions.id'])
+      .from(GroupPermissions, 'groupPermissions')
+      .where('groupPermissions.name ~* :pattern', { pattern: `^${groupToDuplicate.name}_copy_[0-9]+$` })
+      .orWhere('groupPermissions.name = :groupToDuplicateGroup', {
+        groupToDuplicateGroup: `${groupToDuplicate.name}_copy`,
+      })
+      .andWhere('groupPermissions.id != :groupPermissionId', { groupPermissionId: groupToDuplicate.id })
+      .andWhere('groupPermissions.organizationId = :organizationId', {
+        organizationId: groupToDuplicate.organizationId,
+      })
+      .getMany();
+
+    let newName = `${groupToDuplicate.name}_copy`;
+    const number = getMaxCopyNumber(existNameList.map((group) => group.name));
+    if (number) newName = `${groupToDuplicate.name}_copy_${number}`;
+    return newName;
+  }
+
+  async duplicateGroup(
+    group: GroupPermissions,
+    addPermission: boolean,
+    manager?: EntityManager
+  ): Promise<GroupPermissions> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const newName = await this.getDuplicateGroupName(group, manager);
+      const keysToDelete = ['id', 'createdAt', 'updatedAt', 'name', 'type'];
+      if (addPermission)
+        keysToDelete.forEach((key) => {
+          delete group[key];
+        });
+      return await manager.save(
+        manager.create(GroupPermissions, {
+          name: newName,
+          type: GROUP_PERMISSIONS_TYPE.CUSTOM_GROUP,
+          ...(addPermission ? instanceToPlain(group) : {}),
+        })
+      );
+    }, manager);
+  }
+
+  async duplicateGranularPermissions(
+    granularPermissions: GranularPermissions,
+    groupId: string,
+    manager?: EntityManager
+  ): Promise<GranularPermissions> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const keysToDelete = ['id', 'createdAt', 'updatedAt', 'groupId', 'appsGroupPermissions'];
+      keysToDelete.forEach((key) => {
+        delete granularPermissions[key];
+      });
+      return await manager.save(
+        manager.create(GranularPermissions, { groupId, ...instanceToPlain(granularPermissions) })
+      );
+    }, manager);
+  }
+
+  async duplicateResourcePermissions(
+    granularPermissionsToDuplicate: GranularPermissions,
+    newGranularPermissionsId: string,
+    manager?: EntityManager
+  ): Promise<void> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      switch (granularPermissionsToDuplicate.type) {
+        case ResourceType.APP:
+          await this.duplicationAppsPermissions(
+            granularPermissionsToDuplicate.appsGroupPermissions,
+            newGranularPermissionsId,
+            manager
+          );
+          break;
+        default:
+          break;
+      }
+    }, manager);
+  }
+
+  async duplicationAppsPermissions(
+    appsPermissions: AppsGroupPermissions,
+    granularPermissionId: string,
+    manager: EntityManager
+  ) {
+    const groupApps = appsPermissions.groupApps;
+    const keysToDelete = ['id', 'createdAt', 'updatedAt', 'granularPermissionId', 'groupApps'];
+    keysToDelete.forEach((key) => {
+      delete appsPermissions[key];
+    });
+    const newAppsPermissions = await manager.save(
+      manager.create(AppsGroupPermissions, { granularPermissionId, ...instanceToPlain(appsPermissions) })
+    );
+    groupApps.map(async (groupApp) => {
+      await manager.save(
+        manager.create(GroupApps, { appsGroupPermissionsId: newAppsPermissions.id, appId: groupApp.appId })
+      );
+    });
+  }
+}
diff --git a/server/src/modules/user_resource_permissions/user_resource_permissions.module.ts b/server/src/modules/user_resource_permissions/user_resource_permissions.module.ts
new file mode 100644
index 0000000000..2a727ec3e5
--- /dev/null
+++ b/server/src/modules/user_resource_permissions/user_resource_permissions.module.ts
@@ -0,0 +1,15 @@
+import { Module } from '@nestjs/common';
+import { GroupPermissionsControllerV2 } from '@controllers/group_permissions.controller.v2';
+import { GroupPermissionsServiceV2 } from '@services/group_permissions.service.v2';
+import { GranularPermissionsService } from '@services/granular_permissions.service';
+import { UserRoleService } from '@services/user-role.service';
+import { GroupPermissionsUtilityService } from './services/group-permissions.utility.service';
+import { CaslModule } from '@module/casl/casl.module';
+
+@Module({
+  controllers: [GroupPermissionsControllerV2],
+  imports: [CaslModule],
+  exports: [UserRoleService, GroupPermissionsServiceV2, GroupPermissionsUtilityService],
+  providers: [GroupPermissionsServiceV2, GranularPermissionsService, UserRoleService, GroupPermissionsUtilityService],
+})
+export class UserResourcePermissionsModule {}
diff --git a/server/src/modules/user_resource_permissions/utility/granular-permissios.utility.ts b/server/src/modules/user_resource_permissions/utility/granular-permissios.utility.ts
new file mode 100644
index 0000000000..86aeafdc57
--- /dev/null
+++ b/server/src/modules/user_resource_permissions/utility/granular-permissios.utility.ts
@@ -0,0 +1,75 @@
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import { USER_ROLE } from '../constants/group-permissions.constant';
+import { BadRequestException } from '@nestjs/common';
+import { ERROR_HANDLER } from '../constants/granular-permissions.constant';
+import { EntityManager, SelectQueryBuilder } from 'typeorm';
+import { GranularPermissionQuerySearchParam, ResourceGroupActions } from '../interface/granular-permissions.interface';
+import { GranularPermissions } from 'src/entities/granular_permissions.entity';
+
+export function validateGranularPermissionCreateOperation(group: GroupPermissions) {
+  if (group.name === USER_ROLE.ADMIN)
+    throw new BadRequestException(ERROR_HANDLER.ADMIN_DEFAULT_GROUP_GRANULAR_PERMISSIONS);
+}
+
+export function validateGranularPermissionUpdateOperation(group: GroupPermissions) {
+  if (group.name === USER_ROLE.ADMIN)
+    throw new BadRequestException(ERROR_HANDLER.ADMIN_DEFAULT_GROUP_GRANULAR_PERMISSIONS);
+}
+
+export function validateAppResourcePermissionUpdateOperation(group: GroupPermissions, actions: ResourceGroupActions) {
+  if (group.name === USER_ROLE.END_USER && actions.canEdit)
+    throw new BadRequestException(ERROR_HANDLER.EDITOR_LEVEL_PERMISSION_NOT_ALLOWED_END_USER);
+}
+
+export function getAllGranularPermissionQuery(
+  searchParam: GranularPermissionQuerySearchParam,
+  manager: EntityManager
+): SelectQueryBuilder<GranularPermissions> {
+  const query = manager
+    .createQueryBuilder(GranularPermissions, 'granularPermissions')
+    .innerJoinAndSelect(
+      'granularPermissions.appsGroupPermissions',
+      'appsGroupPermissions',
+      'appsGroupPermissions.granularPermissionId = granularPermissions.id'
+    )
+    .leftJoinAndSelect('appsGroupPermissions.groupApps', 'groupApps')
+    .leftJoinAndSelect('groupApps.app', 'app');
+  const { name, type, groupId } = searchParam;
+  if (groupId) {
+    query.where('granularPermissions.groupId = :groupId', {
+      groupId,
+    });
+  }
+
+  if (name) {
+    query.where(`granularPermissions.name ${name.useLike ? 'LIKE' : '='} :name`, {
+      name: name.useLike ? `%${name.value}%` : name.value,
+    });
+  }
+  if (type) {
+    query.where('granularPermissions.type = :type', {
+      type,
+    });
+  }
+  //for ee add data sources group permissions
+  return query;
+}
+
+export function getGranularPermissionQuery(
+  id: string,
+  manager: EntityManager
+): SelectQueryBuilder<GranularPermissions> {
+  const query = manager
+    .createQueryBuilder(GranularPermissions, 'granularPermissions')
+    .innerJoinAndSelect('granularPermissions.group', 'groupPermissions')
+    .innerJoinAndSelect(
+      'granularPermissions.appsGroupPermissions',
+      'appsGroupPermissions',
+      'appsGroupPermissions.granularPermissionId = granularPermissions.id'
+    )
+    .where('granularPermissions.id = :id', {
+      id,
+    });
+  //for ee add data sources group permissions
+  return query;
+}
diff --git a/server/src/modules/user_resource_permissions/utility/group-permissions.utility.ts b/server/src/modules/user_resource_permissions/utility/group-permissions.utility.ts
new file mode 100644
index 0000000000..4976fe9072
--- /dev/null
+++ b/server/src/modules/user_resource_permissions/utility/group-permissions.utility.ts
@@ -0,0 +1,217 @@
+import { Brackets, EntityManager, SelectQueryBuilder } from 'typeorm';
+import { USER_ROLE, GROUP_PERMISSIONS_TYPE } from '../constants/group-permissions.constant';
+import { User } from 'src/entities/user.entity';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import { BadRequestException, MethodNotAllowedException } from '@nestjs/common';
+import { CreateGroupPermissionDto, UpdateGroupPermissionDto } from '@dto/group_permissions.dto';
+import { ERROR_HANDLER } from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { GroupUsers } from 'src/entities/group_users.entity';
+import { GetGroupUsersObject } from '../interface/group-permissions.interface';
+
+export function getRoleUsersListQuery(
+  role: USER_ROLE,
+  organizationId: string,
+  manager: EntityManager,
+  groupPermissionId?: string
+): SelectQueryBuilder<User> {
+  const query = manager
+    .createQueryBuilder(User, 'user')
+    .innerJoinAndSelect('user.userGroups', 'userGroups')
+    .innerJoin('userGroups.group', 'group', 'group.organizationId = :organizationId', { organizationId })
+    .andWhere('group.type = :type', { type: GROUP_PERMISSIONS_TYPE.DEFAULT })
+    .andWhere('group.name = :name', { name: role });
+
+  if (groupPermissionId) {
+    query.andWhere(
+      'user.id IN ' +
+        query
+          .subQuery()
+          .select('user.id')
+          .from(User, 'user')
+          .innerJoin('user.userGroups', 'subUserGroup')
+          .where('subUserGroup.groupId = :groupId', { groupId: groupPermissionId })
+          .getQuery()
+    );
+  }
+  query.select([
+    'user.id',
+    'user.firstName',
+    'user.lastName',
+    'user.email',
+    'userGroups.groupId',
+    'userGroups.id',
+    'group.name',
+    'group.type',
+  ]);
+
+  return query;
+}
+
+export function getUserDetailQuery(
+  userId: string,
+  organizationId: string,
+  manager: EntityManager
+): SelectQueryBuilder<User> {
+  const query = manager
+    .createQueryBuilder(User, 'user')
+    .innerJoin('user.organizationUsers', 'organizationUsers', 'organizationUsers.organizationId = :organizationId', {
+      organizationId,
+    })
+    .where('user.id = :userId', {
+      userId,
+    });
+
+  return query;
+}
+
+export function getUserRoleQuery(
+  userId: string,
+  organizationId: string,
+  manager: EntityManager
+): SelectQueryBuilder<GroupPermissions> {
+  const query = manager
+    .createQueryBuilder(GroupPermissions, 'role')
+    .innerJoinAndSelect('role.groupUsers', 'groupUsers', 'groupUsers.userId = :userId', { userId })
+    .where('role.type = :type', { type: GROUP_PERMISSIONS_TYPE.DEFAULT })
+    .andWhere('role.organizationId = :organizationId', { organizationId });
+
+  return query;
+}
+
+export function validateUpdateGroupOperation(
+  group: GroupPermissions,
+  updateGroupPermissionDto: UpdateGroupPermissionDto
+): void {
+  const { name } = group;
+  const { name: newName } = updateGroupPermissionDto;
+  if (
+    newName &&
+    (Object.values(USER_ROLE).includes(newName as USER_ROLE) || group.type == GROUP_PERMISSIONS_TYPE.DEFAULT)
+  ) {
+    throw new MethodNotAllowedException(ERROR_HANDLER.DEFAULT_GROUP_NAME_UPDATE);
+  }
+
+  if ([USER_ROLE.ADMIN, USER_ROLE.END_USER].includes(name as USER_ROLE)) {
+    throw new MethodNotAllowedException(ERROR_HANDLER.NON_EDITABLE_GROUP_UPDATE);
+  }
+}
+
+export function validateDeleteGroupUserOperation(group: GroupPermissions) {
+  if (!group) throw new BadRequestException(ERROR_HANDLER.GROUP_NOT_EXIST);
+
+  if (group.type == GROUP_PERMISSIONS_TYPE.DEFAULT)
+    throw new MethodNotAllowedException(ERROR_HANDLER.DELETING_DEFAULT_GROUP_USER);
+}
+
+export function validateAddGroupUserOperation(group: GroupPermissions) {
+  if (!group) throw new BadRequestException(ERROR_HANDLER.GROUP_NOT_EXIST);
+  if (group.type == GROUP_PERMISSIONS_TYPE.DEFAULT)
+    throw new MethodNotAllowedException(ERROR_HANDLER.ADD_GROUP_USER_DEFAULT_GROUP);
+}
+
+export function getAllUserGroupsQuery(
+  userId: string,
+  organizationId: string,
+  manager: EntityManager
+): SelectQueryBuilder<GroupPermissions> {
+  const query = manager
+    .createQueryBuilder(GroupPermissions, 'groups')
+    .innerJoinAndSelect('groups.groupUsers', 'groupUsers', 'groups.organizationId = :organizationId', {
+      organizationId,
+    })
+    .where('groupUsers.userId = :userId', {
+      userId,
+    });
+  return query;
+}
+
+export function validateCreateGroupOperation(createGroupPermissionDto: CreateGroupPermissionDto) {
+  if (createGroupPermissionDto.name in USER_ROLE) throw new BadRequestException(ERROR_HANDLER.DEFAULT_GROUP_NAME);
+}
+
+export function addableUsersToGroupQuery(
+  groupId: string,
+  organizationId: string,
+  manager: EntityManager,
+  searchInput?: string
+): SelectQueryBuilder<User> {
+  const query = manager
+    .createQueryBuilder(User, 'users')
+    .innerJoin('users.organizationUsers', 'organization_users', 'organization_users.organizationId = :organizationId', {
+      organizationId: organizationId,
+    })
+    .innerJoinAndSelect('users.userGroups', 'userGroups')
+    .innerJoinAndSelect('userGroups.group', 'group', 'group.organizationId = :organizationId', {
+      organizationId,
+    })
+    .where('group.type = :type', {
+      type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+    })
+    .where((qb) => {
+      const subQuery = qb
+        .subQuery()
+        .select('groupUsers.userId')
+        .from(GroupUsers, 'groupUsers')
+        .innerJoin('groupUsers.group', 'group')
+        .where('group.id = :groupId', { groupId })
+        .andWhere('group.organizationId = :organizationId', { organizationId })
+        .getQuery();
+
+      return 'users.id NOT IN ' + subQuery;
+    })
+    .andWhere(addableUserGetOrConditions(searchInput))
+    .select(['users.id', 'users.firstName', 'users.lastName', 'users.email', 'userGroups.id', 'group.name'])
+    .orderBy('users.createdAt', 'DESC');
+
+  return query;
+}
+
+const addableUserGetOrConditions = (searchInput) => {
+  return new Brackets((qb) => {
+    if (searchInput) {
+      qb.orWhere('lower(users.email) like :email', {
+        email: `%${searchInput.toLowerCase()}%`,
+      });
+      qb.orWhere('lower(users.firstName) like :firstName', {
+        firstName: `%${searchInput.toLowerCase()}%`,
+      });
+      qb.orWhere('lower(users.lastName) like :lastName', {
+        lastName: `%${searchInput.toLowerCase()}%`,
+      });
+    }
+  });
+};
+
+export function getUserInGroupQuery(
+  getGroupUsersObject: GetGroupUsersObject,
+  manager: EntityManager,
+  searchInput: string
+): SelectQueryBuilder<GroupUsers> {
+  const { groupId, organizationId } = getGroupUsersObject;
+
+  const query = manager
+    .createQueryBuilder(GroupUsers, 'groupUsers')
+    .innerJoinAndSelect('groupUsers.user', 'users', 'groupUsers.groupId = :groupId', {
+      groupId,
+    })
+    .innerJoinAndSelect('users.userGroups', 'userRole')
+    .innerJoinAndSelect('userRole.group', 'role', 'role.organizationId = :organizationId', {
+      organizationId,
+    })
+    .andWhere('role.type = :type', {
+      type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+    })
+    .select([
+      'groupUsers.id',
+      'groupUsers.groupId',
+      'users.id',
+      'users.firstName',
+      'users.lastName',
+      'users.email',
+      'userRole.id',
+      'role.name',
+    ])
+    .addSelect('role.name', 'userRole')
+    .andWhere(addableUserGetOrConditions(searchInput));
+  return query;
+}
diff --git a/server/src/modules/users/users.module.ts b/server/src/modules/users/users.module.ts
index 8d8a94bacb..23daf302ad 100644
--- a/server/src/modules/users/users.module.ts
+++ b/server/src/modules/users/users.module.ts
@@ -9,9 +9,14 @@ import { UsersController } from 'src/controllers/users.controller';
 import { OrganizationsModule } from '../organizations/organizations.module';
 import { App } from 'src/entities/app.entity';
 import { FilesService } from '@services/files.service';
+import { UserResourcePermissionsModule } from '@module/user_resource_permissions/user_resource_permissions.module';
 
 @Module({
-  imports: [OrganizationsModule, TypeOrmModule.forFeature([User, File, Organization, OrganizationUser, App])],
+  imports: [
+    OrganizationsModule,
+    UserResourcePermissionsModule,
+    TypeOrmModule.forFeature([User, File, Organization, OrganizationUser, App]),
+  ],
   providers: [UsersService, FilesService],
   controllers: [UsersController],
   exports: [UsersService],
diff --git a/server/src/services/app_import_export.service.ts b/server/src/services/app_import_export.service.ts
index f3ee4fe9d5..a17c9c1b9a 100644
--- a/server/src/services/app_import_export.service.ts
+++ b/server/src/services/app_import_export.service.ts
@@ -2,12 +2,10 @@ import { BadRequestException, Injectable } from '@nestjs/common';
 import { isEmpty } from 'lodash';
 import { App } from 'src/entities/app.entity';
 import { AppEnvironment } from 'src/entities/app_environments.entity';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
 import { AppVersion } from 'src/entities/app_version.entity';
 import { DataQuery } from 'src/entities/data_query.entity';
 import { DataSource } from 'src/entities/data_source.entity';
 import { DataSourceOptions } from 'src/entities/data_source_options.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
 import { User } from 'src/entities/user.entity';
 import { EntityManager, In } from 'typeorm';
 import { DataSourcesService } from './data_sources.service';
@@ -258,7 +256,6 @@ export class AppImportExportService {
       isNormalizedAppDefinitionSchema,
       currentTooljetVersion
     );
-    await this.createAdminGroupPermissions(this.entityManager, importedApp);
     await this.updateEntityReferencesForImportedApp(this.entityManager, resourceMapping);
 
     // NOTE: App slug updation callback doesn't work while wrapped in transaction
@@ -1350,31 +1347,6 @@ export class AppImportExportService {
     await manager.update(AppVersion, { id: lastVersionIdToUpdate }, { updatedAt: new Date() });
   }
 
-  async createAdminGroupPermissions(manager: EntityManager, app: App) {
-    const orgDefaultGroupPermissions = await manager.find(GroupPermission, {
-      where: {
-        organizationId: app.organizationId,
-        group: 'admin',
-      },
-    });
-
-    const adminPermissions = {
-      read: true,
-      update: true,
-      delete: true,
-    };
-
-    for (const groupPermission of orgDefaultGroupPermissions) {
-      const appGroupPermission = manager.create(AppGroupPermission, {
-        groupPermissionId: groupPermission.id,
-        appId: app.id,
-        ...adminPermissions,
-      });
-
-      return await manager.save(AppGroupPermission, appGroupPermission);
-    }
-  }
-
   async createDatasourceOption(
     manager: EntityManager,
     options: Record<string, unknown>,
diff --git a/server/src/services/apps.service.ts b/server/src/services/apps.service.ts
index cea7f8d20e..03cbaac657 100644
--- a/server/src/services/apps.service.ts
+++ b/server/src/services/apps.service.ts
@@ -7,14 +7,12 @@ import { AppUser } from 'src/entities/app_user.entity';
 import { AppVersion } from 'src/entities/app_version.entity';
 import { DataSource } from 'src/entities/data_source.entity';
 import { DataQuery } from 'src/entities/data_query.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
 import { AppImportExportService } from './app_import_export.service';
 import { DataSourcesService } from './data_sources.service';
 import { Credential } from 'src/entities/credential.entity';
 import { catchDbException, cleanObject, dbTransactionWrap, defaultAppEnvironments } from 'src/helpers/utils.helper';
 import { AppUpdateDto } from '@dto/app-update.dto';
-import { viewableAppsQuery } from 'src/helpers/queries';
+import { viewableAppsQueryUsingPermissions } from 'src/helpers/queries';
 import { VersionEditDto } from '@dto/version-edit.dto';
 import { AppEnvironment } from 'src/entities/app_environments.entity';
 import { DataSourceOptions } from 'src/entities/data_source_options.entity';
@@ -33,6 +31,8 @@ import { findAllEntityReferences, isValidUUID, updateEntityReferences } from 'sr
 import { isEmpty } from 'lodash';
 import { AppBase } from 'src/entities/app_base.entity';
 import { LayoutDimensionUnits } from 'src/helpers/components.helper';
+import { AbilityService } from './permissions-ability.service';
+import { TOOLJET_RESOURCE } from 'src/constants/global.constant';
 
 const uuid = require('uuid');
 
@@ -55,7 +55,8 @@ export class AppsService {
 
     private appImportExportService: AppImportExportService,
     private dataSourcesService: DataSourcesService,
-    private appEnvironmentService: AppEnvironmentService
+    private appEnvironmentService: AppEnvironmentService,
+    private abilityService: AbilityService
   ) {}
   async find(id: string): Promise<App> {
     return this.appsRepository.findOne({
@@ -171,49 +172,11 @@ export class AppsService {
             updatedAt: new Date(),
           })
         );
-
-        await this.createAppGroupPermissionsForAdmin(app, manager);
         return app;
       }, [{ dbConstraint: DataBaseConstraints.APP_NAME_UNIQUE, message: 'This app name is already taken.' }]);
     });
   }
 
-  async createAppGroupPermissionsForAdmin(app: App, manager: EntityManager): Promise<void> {
-    await dbTransactionWrap(async (manager: EntityManager) => {
-      const orgDefaultGroupPermissions = await manager.find(GroupPermission, {
-        where: {
-          organizationId: app.organizationId,
-          group: 'admin',
-        },
-      });
-
-      for (const groupPermission of orgDefaultGroupPermissions) {
-        const appGroupPermission = manager.create(AppGroupPermission, {
-          groupPermissionId: groupPermission.id,
-          appId: app.id,
-          ...this.fetchDefaultAppGroupPermissions(groupPermission.group),
-        });
-
-        await manager.save(appGroupPermission);
-      }
-    }, manager);
-  }
-
-  fetchDefaultAppGroupPermissions(group: string): {
-    read: boolean;
-    update: boolean;
-    delete: boolean;
-  } {
-    switch (group) {
-      case 'all_users':
-        return { read: true, update: false, delete: false };
-      case 'admin':
-        return { read: true, update: true, delete: true };
-      default:
-        throw `${group} is not a default group`;
-    }
-  }
-
   async clone(existingApp: App, user: User, appName: string): Promise<App> {
     const appWithRelations = await this.appImportExportService.export(user, existingApp.id);
     const clonedApp = await this.appImportExportService.import(user, appWithRelations, appName);
@@ -222,7 +185,19 @@ export class AppsService {
   }
 
   async count(user: User, searchKey): Promise<number> {
-    return await viewableAppsQuery(user, searchKey).getCount();
+    //Migrate it to app module utility files
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      resources: [{ resource: TOOLJET_RESOURCE.APP }],
+      organizationId: user.organizationId,
+    });
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await viewableAppsQueryUsingPermissions(
+        user,
+        userPermission[TOOLJET_RESOURCE.APP],
+        manager,
+        searchKey
+      ).getCount();
+    });
   }
 
   getAppVersionsCount = async (appId: string) => {
@@ -232,16 +207,27 @@ export class AppsService {
   };
 
   async all(user: User, page: number, searchKey: string): Promise<AppBase[]> {
-    const viewableAppsQb = viewableAppsQuery(user, searchKey);
+    //Migrate it to app utility files
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      resources: [{ resource: TOOLJET_RESOURCE.APP }],
+      organizationId: user.organizationId,
+    });
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const viewableAppsQb = viewableAppsQueryUsingPermissions(
+        user,
+        userPermission[TOOLJET_RESOURCE.APP],
+        manager,
+        searchKey
+      );
 
-    if (page) {
-      return await viewableAppsQb
-        .take(9)
-        .skip(9 * (page - 1))
-        .getMany();
-    }
-
-    return await viewableAppsQb.getMany();
+      if (page) {
+        return await viewableAppsQb
+          .take(9)
+          .skip(9 * (page - 1))
+          .getMany();
+      }
+      return await viewableAppsQb.getMany();
+    });
   }
 
   async findAll(organizationId: string, searchParam): Promise<App[]> {
diff --git a/server/src/services/auth.service.ts b/server/src/services/auth.service.ts
index e577423518..a50892830f 100644
--- a/server/src/services/auth.service.ts
+++ b/server/src/services/auth.service.ts
@@ -46,9 +46,17 @@ import { CookieOptions, Response } from 'express';
 import { SessionService } from './session.service';
 import { RequestContext } from 'src/models/request-context.model';
 import * as requestIp from 'request-ip';
+import {
+  GROUP_PERMISSIONS_TYPE,
+  USER_ROLE,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
 import { ActivateAccountWithTokenDto } from '@dto/activate-account-with-token.dto';
 import { AppAuthenticationDto, AppSignupDto } from '@dto/app-authentication.dto';
 import { SIGNUP_ERRORS } from 'src/helpers/errors.constants';
+import { UserRoleService } from './user-role.service';
+import { GroupPermissionsServiceV2 } from './group_permissions.service.v2';
+import { AbilityService } from './permissions-ability.service';
+import { TOOLJET_RESOURCE } from 'src/constants/global.constant';
 const bcrypt = require('bcrypt');
 const uuid = require('uuid');
 import { ResendInviteDto } from '@dto/resend-invite.dto';
@@ -68,6 +76,9 @@ export class AuthService {
     private metadataService: MetadataService,
     private configService: ConfigService,
     private sessionService: SessionService,
+    private userRoleService: UserRoleService,
+    private groupPermissionsService: GroupPermissionsServiceV2,
+    private abilityService: AbilityService,
     @InjectRepository(Organization)
     private organizationsRepository: Repository<Organization>
   ) {}
@@ -219,20 +230,31 @@ export class AuthService {
     });
   }
 
+  //TODO:this function is not used now
   async authorizeOrganization(user: User) {
     return await dbTransactionWrap(async (manager: EntityManager) => {
       if (user.defaultOrganizationId !== user.organizationId)
         await this.usersService.updateUser(user.id, { defaultOrganizationId: user.organizationId }, manager);
 
       const organization = await this.organizationsService.get(user.organizationId);
-
+      const permissions = await this.groupPermissionsService.getAllUserGroups(user.id, user.organizationId);
+      const userPermissions = await this.abilityService.resourceActionsPermission(user, {
+        organizationId: user.organizationId,
+        resources: [{ resource: TOOLJET_RESOURCE.APP }],
+      });
+      const appGroupPermissions = userPermissions?.[TOOLJET_RESOURCE.APP];
+      delete userPermissions?.[TOOLJET_RESOURCE.APP];
       return decamelizeKeys({
         currentOrganizationId: user.organizationId,
         currentOrganizationSlug: organization.slug,
         currentOrganizationName: organization.name,
-        admin: await this.usersService.hasGroup(user, 'admin', null, manager),
-        groupPermissions: await this.usersService.groupPermissions(user, manager),
-        appGroupPermissions: await this.usersService.appGroupPermissions(user, null, manager),
+        admin: await this.usersService.hasGroup(user, USER_ROLE.ADMIN, null, manager),
+        userPermissions: userPermissions,
+        groupPermissions: permissions.filter(
+          (group) => group.type === GROUP_PERMISSIONS_TYPE.CUSTOM_GROUP || group.name === USER_ROLE.ADMIN
+        ),
+        role: permissions.find((group) => group.type === GROUP_PERMISSIONS_TYPE.DEFAULT),
+        appGroupPermissions: appGroupPermissions,
         currentUser: {
           id: user.id,
           email: user.email,
@@ -403,7 +425,7 @@ export class AuthService {
           ...lifeCycleParms,
         },
         personalWorkspace.id,
-        ['all_users', 'admin'],
+        USER_ROLE.ADMIN,
         existingUser,
         true,
         null,
@@ -419,7 +441,11 @@ export class AuthService {
           manager,
           WORKSPACE_USER_SOURCE.SIGNUP
         );
-        await this.usersService.attachUserGroup(['all_users'], signingUpOrganization.id, user.id, manager);
+        await this.userRoleService.addUserRole(
+          { userId: user.id, role: USER_ROLE.END_USER },
+          signingUpOrganization.id,
+          manager
+        );
 
         this.emailService
           .sendWelcomeEmail(
@@ -627,7 +653,11 @@ export class AuthService {
   };
 
   async addUserToTheWorkspace(existingUser: User, signingUpOrganization: Organization, manager: EntityManager) {
-    await this.usersService.attachUserGroup(['all_users'], signingUpOrganization.id, existingUser.id, manager);
+    await this.userRoleService.addUserRole(
+      { userId: existingUser.id, role: USER_ROLE.END_USER },
+      signingUpOrganization.id,
+      manager
+    );
     return this.organizationUsersService.create(
       existingUser,
       signingUpOrganization,
@@ -751,6 +781,7 @@ export class AuthService {
         null,
         manager
       );
+
       const user = await this.usersService.create(
         {
           email,
@@ -764,12 +795,13 @@ export class AuthService {
           phoneNumber,
         },
         organization.id,
-        ['all_users', 'admin'],
+        USER_ROLE.ADMIN,
         null,
         false,
         null,
         manager
       );
+
       await this.organizationUsersService.create(user, organization, false, manager);
       return this.generateLoginResultPayload(response, user, organization, false, true, null, manager);
     });
diff --git a/server/src/services/folders.service.ts b/server/src/services/folders.service.ts
index 48d909111a..63f65d6d10 100644
--- a/server/src/services/folders.service.ts
+++ b/server/src/services/folders.service.ts
@@ -1,16 +1,15 @@
-import { Injectable, ForbiddenException } from '@nestjs/common';
+import { Injectable } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
-import { App } from 'src/entities/app.entity';
 import { FolderApp } from 'src/entities/folder_app.entity';
-import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
-import { getFolderQuery, viewableAppsQuery } from 'src/helpers/queries';
+import { getFolderQuery } from 'src/helpers/queries';
 import { createQueryBuilder, Repository, UpdateResult } from 'typeorm';
 import { User } from '../../src/entities/user.entity';
 import { Folder } from '../entities/folder.entity';
-import { UsersService } from './users.service';
 import { catchDbException } from 'src/helpers/utils.helper';
 import { DataBaseConstraints } from 'src/helpers/db_constraints.constants';
 import { AppBase } from 'src/entities/app_base.entity';
+import { TOOLJET_RESOURCE } from 'src/constants/global.constant';
+import { AbilityService } from './permissions-ability.service';
 
 @Injectable()
 export class FoldersService {
@@ -19,9 +18,8 @@ export class FoldersService {
     private foldersRepository: Repository<Folder>,
     @InjectRepository(FolderApp)
     private folderAppsRepository: Repository<FolderApp>,
-    @InjectRepository(App)
-    private appsRepository: Repository<App>,
-    private usersService: UsersService
+
+    private abilityService: AbilityService
   ) {}
 
   async create(user: User, folderName): Promise<Folder> {
@@ -44,34 +42,11 @@ export class FoldersService {
   }
 
   async allFolders(user: User, searchKey?: string): Promise<Folder[]> {
-    const allViewableApps = await viewableAppsQuery(user, searchKey, ['id']).getMany();
-
-    const allViewableAppIds = allViewableApps.map((app) => app.id);
-
-    if (await this.usersService.userCan(user, 'create', 'Folder')) {
-      return await getFolderQuery(true, allViewableAppIds, user.organizationId).distinct().getMany();
-    }
-
-    if (allViewableAppIds.length === 0) return [];
-
-    return await getFolderQuery(false, allViewableAppIds, user.organizationId).distinct().getMany();
+    return await getFolderQuery(user.organizationId, searchKey).distinct().getMany();
   }
 
   async all(user: User, searchKey: string): Promise<Folder[]> {
     const allFolderList = await this.allFolders(user);
-    if (!searchKey || !allFolderList || allFolderList.length === 0) {
-      return allFolderList;
-    }
-    const folders = await this.allFolders(user, searchKey);
-    allFolderList.forEach((folder, index) => {
-      const currentFolder = folders.find((f) => f.id === folder.id);
-      if (currentFolder) {
-        allFolderList[index] = currentFolder;
-      } else {
-        allFolderList[index].folderApps = [];
-        allFolderList[index].generateCount();
-      }
-    });
     return allFolderList;
   }
 
@@ -79,111 +54,76 @@ export class FoldersService {
     return await this.foldersRepository.findOneOrFail(folderId);
   }
 
-  async userAppCount(user: User, folder: Folder, searchKey: string) {
-    const folderApps = await this.folderAppsRepository.find({
-      where: {
-        folderId: folder.id,
-      },
-    });
-    const folderAppIds = folderApps.map((folderApp) => folderApp.appId);
-
-    if (folderAppIds.length == 0) {
-      return 0;
-    }
-
-    const viewableAppsQb = viewableAppsQuery(user, searchKey);
-
-    const folderAppsQb = createQueryBuilder(App, 'apps_in_folder').whereInIds(folderAppIds);
-
-    return await createQueryBuilder(App, 'apps')
-      .innerJoin(
-        '(' + viewableAppsQb.getQuery() + ')',
-        'viewable_apps_join',
-        'apps.id = viewable_apps_join.viewable_apps_id'
-      )
-      .innerJoin(
-        '(' + folderAppsQb.getQuery() + ')',
-        'apps_in_folder_join',
-        'apps.id = apps_in_folder_join.apps_in_folder_id'
-      )
-      .setParameters({
-        ...folderAppsQb.getParameters(),
-        ...viewableAppsQb.getParameters(),
-      })
-      .getCount();
-  }
-
-  async getAppsFor(user: User, folder: Folder, page: number, searchKey: string): Promise<AppBase[]> {
+  async getAppsFor(
+    user: User,
+    folder: Folder,
+    page: number,
+    searchKey: string
+  ): Promise<{
+    viewableApps: AppBase[];
+    totalCount: number;
+  }> {
     const folderApps = await this.folderAppsRepository.find({
       where: {
         folderId: folder.id,
       },
     });
 
+    const userPermission = await this.abilityService.resourceActionsPermission(user, {
+      resources: [{ resource: TOOLJET_RESOURCE.APP }],
+      organizationId: user.organizationId,
+    });
+    const userAppPermissions = userPermission?.[TOOLJET_RESOURCE.APP];
+
     const folderAppIds = folderApps.map((folderApp) => folderApp.appId);
 
-    if (folderAppIds.length == 0) {
-      return [];
+    if (folderAppIds.length == 0 || userAppPermissions?.hideAll) {
+      return {
+        viewableApps: [],
+        totalCount: 0,
+      };
     }
-
-    const viewableAppsQb = viewableAppsQuery(user, searchKey);
-
-    const folderAppsQb = createQueryBuilder(App, 'apps_in_folder').whereInIds(folderAppIds);
-
-    const viewableAppsInFolder = await createQueryBuilder(AppBase, 'apps')
-      .innerJoin(
-        '(' + viewableAppsQb.getQuery() + ')',
-        'viewable_apps_join',
-        'apps.id = viewable_apps_join.viewable_apps_id'
-      )
-      .innerJoin(
-        '(' + folderAppsQb.getQuery() + ')',
-        'apps_in_folder_join',
-        'apps.id = apps_in_folder_join.apps_in_folder_id'
+    const viewableAppsTotal = Array.from(
+      new Set(
+        [...userAppPermissions.editableAppsId, ...userAppPermissions.viewableAppsId].filter(
+          (id) => !userAppPermissions.hiddenAppsId.includes(id)
+        )
       )
+    );
+
+    const viewableAppIds = viewableAppsTotal.filter((id) => folderAppIds.includes(id));
+
+    const viewableAppsInFolder = createQueryBuilder(AppBase, 'apps')
       .innerJoin('apps.user', 'user')
-      .addSelect(['user.firstName', 'user.lastName'])
-      .setParameters({
-        ...folderAppsQb.getParameters(),
-        ...viewableAppsQb.getParameters(),
-      })
-      .take(9)
-      .skip(9 * (page - 1))
-      .orderBy('apps.createdAt', 'DESC')
-      .getMany();
+      .addSelect(['user.firstName', 'user.lastName']);
 
-    return viewableAppsInFolder;
+    if (!(userAppPermissions.isAllEditable || userAppPermissions.isAllViewable)) {
+      viewableAppsInFolder.where('apps.id IN (...viewableAppIds)', {
+        viewableAppIds,
+      });
+    } else {
+      viewableAppsInFolder.where('apps.organizationId = :organizationId', {
+        organizationId: user.organizationId,
+      });
+    }
+
+    const [viewableApps, totalCount] = await Promise.all([
+      viewableAppsInFolder
+        .take(9)
+        .skip(9 * (page - 1))
+        .orderBy('apps.createdAt', 'DESC')
+        .getMany(),
+      viewableAppsInFolder.getCount(),
+    ]);
+
+    return {
+      viewableApps,
+      totalCount,
+    };
   }
 
   async delete(user: User, id: string) {
     const folder = await this.foldersRepository.findOneOrFail({ id, organizationId: user.organizationId });
-    const allViewableApps = await createQueryBuilder(App, 'apps')
-      .select('apps.id')
-      .innerJoin('apps.groupPermissions', 'group_permissions')
-      .innerJoin('apps.appGroupPermissions', 'app_group_permissions')
-      .innerJoin(
-        UserGroupPermission,
-        'user_group_permissions',
-        'app_group_permissions.group_permission_id = user_group_permissions.group_permission_id'
-      )
-      .where('user_group_permissions.user_id = :userId', { userId: user.id })
-      .andWhere('app_group_permissions.read = :value', { value: true })
-      .orWhere('apps.user_id = :userId', {
-        value: true,
-        organizationId: user.organizationId,
-        userId: user.id,
-      })
-      .getMany();
-
-    const allViewableAppIds = allViewableApps.map((app) => app.id);
-
-    folder.folderApps.map((folderApp: FolderApp) => {
-      if (!allViewableAppIds.includes(folderApp.appId)) {
-        throw new ForbiddenException(
-          'Applications not authorised for you are included in the folder, please contact administrator to remove them and try again'
-        );
-      }
-    });
-    return await this.foldersRepository.delete({ id, organizationId: user.organizationId });
+    return await this.foldersRepository.delete({ id: folder.id, organizationId: user.organizationId });
   }
 }
diff --git a/server/src/services/granular_permissions.service.ts b/server/src/services/granular_permissions.service.ts
new file mode 100644
index 0000000000..386033fbb1
--- /dev/null
+++ b/server/src/services/granular_permissions.service.ts
@@ -0,0 +1,254 @@
+import { BadRequestException, Injectable, MethodNotAllowedException } from '@nestjs/common';
+import { ResourceType } from '@module/user_resource_permissions/constants/granular-permissions.constant';
+import {
+  GranularResourcePermissions,
+  CreateResourcePermissionObject,
+  CreateAppsPermissionsObject,
+  UpdateResourceGroupPermissionsObject,
+  CreateGranularPermissionObject,
+  ResourcePermissionMetaData,
+} from '@module/user_resource_permissions/interface/granular-permissions.interface';
+import { EntityManager } from 'typeorm';
+import { GranularPermissions } from 'src/entities/granular_permissions.entity';
+import { AppsGroupPermissions } from 'src/entities/apps_group_permissions.entity';
+import {
+  GranularPermissionQuerySearchParam,
+  UpdateGranularPermissionObject,
+} from '@module/user_resource_permissions/interface/granular-permissions.interface';
+import { catchDbException, dbTransactionWrap } from '@helpers/utils.helper';
+import {
+  DATA_BASE_CONSTRAINTS,
+  USER_ROLE,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { ERROR_HANDLER } from '@module/user_resource_permissions/constants/granular-permissions.constant';
+import {
+  getAllGranularPermissionQuery,
+  getGranularPermissionQuery,
+  validateAppResourcePermissionUpdateOperation,
+} from '@module/user_resource_permissions/utility/granular-permissios.utility';
+import { GroupPermissionsUtilityService } from '@module/user_resource_permissions/services/group-permissions.utility.service';
+import { GroupApps } from 'src/entities/group_apps.entity';
+import { GroupUsers } from 'src/entities/group_users.entity';
+
+@Injectable()
+export class GranularPermissionsService {
+  constructor(private groupPermissionsUtilityService: GroupPermissionsUtilityService) {}
+  async create(
+    createGranularPermissionObject: CreateGranularPermissionObject,
+    createResourcePermissionsObj?: CreateResourcePermissionObject,
+    manager?: EntityManager
+  ) {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const { createGranularPermissionDto, organizationId } = createGranularPermissionObject;
+      const { name, type, groupId, isAll } = createGranularPermissionDto;
+      const granularPermissions: GranularPermissions = await catchDbException(async () => {
+        const granularPermissions = manager.create(GranularPermissions, { name, type, groupId, isAll });
+        return await manager.save(granularPermissions);
+      }, [DATA_BASE_CONSTRAINTS.GRANULAR_PERMISSIONS_NAME_UNIQUE]);
+
+      await this.createResourceGroupPermission(
+        { granularPermissions, organizationId },
+        createResourcePermissionsObj,
+        manager
+      );
+      return granularPermissions;
+    }, manager);
+  }
+
+  async getAll(
+    searchParam: GranularPermissionQuerySearchParam,
+    manager?: EntityManager
+  ): Promise<GranularPermissions[]> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const getAllQuery = getAllGranularPermissionQuery(searchParam, manager);
+      return await getAllQuery.getMany();
+    }, manager);
+  }
+
+  async get(id: string, manager?: EntityManager): Promise<GranularPermissions> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await getGranularPermissionQuery(id, manager).getOne();
+    }, manager);
+  }
+
+  async update(id: string, updateGranularPermissionsObj: UpdateGranularPermissionObject, manager?: EntityManager) {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const granularPermissions = await this.get(id, manager);
+      const { organizationId, updateGranularPermissionDto, group } = updateGranularPermissionsObj;
+      const { isAll, name, resourcesToAdd, resourcesToDelete, actions, allowRoleChange } = updateGranularPermissionDto;
+      const updateGranularPermission = {
+        isAll: isAll !== null || isAll !== undefined ? isAll : granularPermissions.isAll,
+        ...(name && { name }),
+      };
+      const updateResource: UpdateResourceGroupPermissionsObject = {
+        group,
+        granularPermissions,
+        actions,
+        resourcesToDelete,
+        resourcesToAdd,
+        allowRoleChange,
+      };
+      await catchDbException(async () => {
+        if (Object.keys(updateGranularPermission).length > 0)
+          await manager.update(GranularPermissions, id, updateGranularPermission);
+      }, [DATA_BASE_CONSTRAINTS.GRANULAR_PERMISSIONS_NAME_UNIQUE]);
+      await this.updateResourcePermissions(updateResource, organizationId, manager);
+    }, manager);
+  }
+
+  async delete(id: string, manager?: EntityManager) {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await manager.delete(GranularPermissions, id);
+    }, manager);
+  }
+
+  async createResourceGroupPermission(
+    createMetaData: ResourcePermissionMetaData,
+    createResourcePermissionsObj?: CreateResourcePermissionObject,
+    manager?: EntityManager
+  ): Promise<GranularResourcePermissions> {
+    let resourceGranularPermissions;
+    const { granularPermissions, organizationId } = createMetaData;
+    const { type } = granularPermissions;
+
+    await dbTransactionWrap(async (manager: EntityManager) => {
+      switch (type) {
+        case ResourceType.APP:
+          resourceGranularPermissions = await this.createAppGroupPermission(
+            { granularPermissions, organizationId },
+            createResourcePermissionsObj,
+            manager
+          );
+          break;
+      }
+    }, manager);
+    return resourceGranularPermissions;
+  }
+
+  private async createAppGroupPermission(
+    createMetaData: ResourcePermissionMetaData,
+    createAppPermissionsObj?: CreateAppsPermissionsObject,
+    manager?: EntityManager
+  ): Promise<AppsGroupPermissions> {
+    const { granularPermissions, organizationId } = createMetaData;
+    const { resourcesToAdd, canEdit } = createAppPermissionsObj;
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const groupEditors = await this.groupPermissionsUtilityService.getRoleUsersList(
+        USER_ROLE.END_USER,
+        organizationId,
+        granularPermissions.groupId,
+        manager
+      );
+      if (groupEditors.length && canEdit)
+        throw new BadRequestException({
+          message: {
+            error: ERROR_HANDLER.EDITOR_LEVEL_PERMISSIONS_NOT_ALLOWED,
+            data: groupEditors.map((user) => user.email),
+            title: 'Cannot create permissions',
+          },
+        });
+
+      const appGRoupPermissions = await manager.save(
+        manager.create(AppsGroupPermissions, {
+          ...createAppPermissionsObj,
+          granularPermissionId: granularPermissions.id,
+        })
+      );
+      if (resourcesToAdd) {
+        await Promise.all(
+          resourcesToAdd.map((app) => {
+            return manager.save(GroupApps, {
+              appId: app.appId,
+              appsGroupPermissionsId: appGRoupPermissions.id,
+            });
+          })
+        );
+      }
+    }, manager);
+  }
+
+  private async updateResourcePermissions(
+    updateResourceGroupPermissionsObject: UpdateResourceGroupPermissionsObject,
+    organizationId: string,
+    manager?: EntityManager
+  ) {
+    const { granularPermissions } = updateResourceGroupPermissionsObject;
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      switch (granularPermissions.type) {
+        case ResourceType.APP:
+          await this.updateAppsGroupPermission(updateResourceGroupPermissionsObject, organizationId, manager);
+          break;
+      }
+    }, manager);
+  }
+
+  private async updateAppsGroupPermission(
+    UpdateResourceGroupPermissionsObject: UpdateResourceGroupPermissionsObject,
+    organizationId: string,
+    manager?: EntityManager
+  ) {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const { granularPermissions, actions, resourcesToDelete, resourcesToAdd, group, allowRoleChange } =
+        UpdateResourceGroupPermissionsObject;
+
+      validateAppResourcePermissionUpdateOperation(group, actions);
+      const { canEdit } = actions;
+      const groupEndUsers = await this.groupPermissionsUtilityService.getRoleUsersList(
+        USER_ROLE.END_USER,
+        organizationId,
+        granularPermissions.groupId,
+        manager
+      );
+      if (groupEndUsers.length && canEdit) {
+        if (!allowRoleChange) {
+          throw new MethodNotAllowedException({
+            message: {
+              error: ERROR_HANDLER.UPDATE_EDITABLE_PERMISSION_END_USER_GROUP,
+              data: groupEndUsers?.map((user) => user.email),
+              title: 'Cannot add this permission to the group',
+              type: 'USER_ROLE_CHANGE',
+            },
+          });
+        }
+        await Promise.all(
+          groupEndUsers.map(async (userItem) => {
+            const currentRoleUser = userItem.userGroups[0].id;
+            const roleGroup = await this.groupPermissionsUtilityService.getRoleGroup(
+              USER_ROLE.BUILDER,
+              group.organizationId,
+              manager
+            );
+            await manager.delete(GroupUsers, currentRoleUser);
+            const newUserRole = manager.create(GroupUsers, { groupId: roleGroup.id, userId: userItem.id });
+            await manager.save(newUserRole);
+          })
+        );
+      }
+
+      const appsGroupPermissions = await manager.findOne(AppsGroupPermissions, {
+        where: {
+          granularPermissionId: granularPermissions.id,
+        },
+      });
+
+      if (actions) {
+        if (actions.canEdit) actions.canView = false;
+        else if (actions.canView) actions.canEdit = false;
+        await manager.update(AppsGroupPermissions, appsGroupPermissions.id, actions);
+      }
+      if (resourcesToDelete?.length) {
+        for (const groupApp of resourcesToDelete) await manager.delete(GroupApps, groupApp.id);
+      }
+      if (resourcesToAdd?.length) {
+        for (const app of resourcesToAdd) {
+          await manager.save(
+            manager.create(GroupApps, {
+              appId: app.appId,
+              appsGroupPermissionsId: appsGroupPermissions.id,
+            })
+          );
+        }
+      }
+    }, manager);
+  }
+}
diff --git a/server/src/services/group_permissions.service.ts b/server/src/services/group_permissions.service.ts
deleted file mode 100644
index 3f69b10f3b..0000000000
--- a/server/src/services/group_permissions.service.ts
+++ /dev/null
@@ -1,516 +0,0 @@
-import { BadRequestException, ConflictException, Injectable } from '@nestjs/common';
-import { InjectRepository } from '@nestjs/typeorm';
-import { Repository, createQueryBuilder, In, Not, EntityManager, Brackets } from 'typeorm';
-import { User } from 'src/entities/user.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
-import { App } from 'src/entities/app.entity';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
-import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
-import { UsersService } from './users.service';
-import { dbTransactionWrap, getMaxCopyNumber } from 'src/helpers/utils.helper';
-import { DuplucateGroupDto } from '@dto/group-permission.dto';
-
-@Injectable()
-export class GroupPermissionsService {
-  constructor(
-    @InjectRepository(GroupPermission)
-    private groupPermissionsRepository: Repository<GroupPermission>,
-
-    @InjectRepository(AppGroupPermission)
-    private appGroupPermissionsRepository: Repository<AppGroupPermission>,
-
-    @InjectRepository(UserGroupPermission)
-    private userGroupPermissionsRepository: Repository<UserGroupPermission>,
-
-    @InjectRepository(User)
-    private userRepository: Repository<User>,
-
-    @InjectRepository(App)
-    private appRepository: Repository<App>,
-
-    private usersService: UsersService
-  ) {}
-
-  async create(user: User, group: string, manager?: EntityManager): Promise<void> {
-    if (!group || group === '') {
-      throw new BadRequestException('Cannot create group without name');
-    }
-
-    const reservedGroups = ['All Users', 'Admin'];
-
-    if (reservedGroups.includes(group)) {
-      throw new BadRequestException('Group name already exist');
-    }
-
-    const groupToFind = await this.groupPermissionsRepository.findOne({
-      where: {
-        organizationId: user.organizationId,
-        group,
-      },
-    });
-
-    if (groupToFind) {
-      throw new ConflictException('Group name already exist');
-    }
-
-    await dbTransactionWrap(async (manager: EntityManager) => {
-      await manager.save(
-        manager.create(GroupPermission, {
-          organizationId: user.organizationId,
-          group: group,
-        })
-      );
-    }, manager);
-  }
-
-  async destroy(user: User, groupPermissionId: string, manager?: EntityManager): Promise<void> {
-    const groupPermission = await this.groupPermissionsRepository.findOne({
-      where: {
-        id: groupPermissionId,
-      },
-    });
-
-    if (groupPermission.group == 'admin' || groupPermission.group == 'all_users') {
-      throw new BadRequestException('Cannot delete default group');
-    }
-    await dbTransactionWrap(async (manager: EntityManager) => {
-      const relationalEntitiesToBeDeleted = [AppGroupPermission, UserGroupPermission];
-
-      for (const entityToDelete of relationalEntitiesToBeDeleted) {
-        const entities = await manager.find(entityToDelete, {
-          where: { groupPermissionId },
-        });
-
-        for (const entity of entities) {
-          await manager.delete(entityToDelete, entity.id);
-        }
-      }
-
-      await manager.delete(GroupPermission, {
-        organizationId: user.organizationId,
-        id: groupPermissionId,
-      });
-    }, manager);
-  }
-
-  async updateAppGroupPermission(
-    user: User,
-    groupPermissionId: string,
-    appGroupPermissionId: string,
-    actions: any,
-    manager?: EntityManager
-  ) {
-    const appGroupPermission = await this.appGroupPermissionsRepository.findOne({
-      where: {
-        id: appGroupPermissionId,
-        groupPermissionId: groupPermissionId,
-      },
-    });
-    const groupPermission = await this.groupPermissionsRepository.findOne({
-      where: {
-        id: appGroupPermission.groupPermissionId,
-      },
-    });
-
-    if (groupPermission.organizationId !== user.organizationId) {
-      throw new BadRequestException();
-    }
-    if (groupPermission.group == 'admin') {
-      throw new BadRequestException('Cannot update admin group');
-    }
-
-    await dbTransactionWrap(async (manager: EntityManager) => {
-      await manager.update(AppGroupPermission, appGroupPermissionId, actions);
-    }, manager);
-  }
-
-  async update(user: User, groupPermissionId: string, body: any, manager?: EntityManager) {
-    const groupPermission = await this.groupPermissionsRepository.findOne({
-      where: {
-        id: groupPermissionId,
-        organizationId: user.organizationId,
-      },
-    });
-
-    const {
-      name,
-      app_create,
-      app_delete,
-      add_apps,
-      remove_apps,
-      add_users,
-      remove_users,
-      folder_create,
-      org_environment_variable_create,
-      org_environment_variable_update,
-      org_environment_variable_delete,
-      folder_delete,
-      folder_update,
-      org_environment_constant_create,
-      org_environment_constant_delete,
-    } = body;
-
-    return await dbTransactionWrap(async (manager: EntityManager) => {
-      //update user group name
-      if (name) {
-        const newName = name.trim();
-        if (!newName) {
-          throw new BadRequestException('Group name should not be empty');
-        }
-
-        const reservedGroups = ['admin', 'all_users'];
-        if (reservedGroups.includes(groupPermission.group)) {
-          throw new BadRequestException('Cannot update a default group name');
-        }
-
-        if (reservedGroups.includes(newName.replace(/ /g, '_').toLowerCase())) {
-          throw new BadRequestException('Group name already exists');
-        }
-
-        const groupToFind = await this.groupPermissionsRepository.findOne({
-          where: {
-            organizationId: user.organizationId,
-            group: newName,
-          },
-        });
-
-        if (groupToFind && groupToFind.id !== groupPermission.id) {
-          throw new ConflictException('Group name already exists');
-        } else if (!groupToFind) {
-          await manager.update(GroupPermission, groupPermissionId, { group: newName });
-        }
-      }
-
-      // update group permissions
-      const groupPermissionUpdateParams = {
-        ...(typeof app_create === 'boolean' && { appCreate: app_create }),
-        ...(typeof app_delete === 'boolean' && { appDelete: app_delete }),
-        ...(typeof folder_create === 'boolean' && { folderCreate: folder_create }),
-        ...(typeof org_environment_variable_create === 'boolean' && {
-          orgEnvironmentVariableCreate: org_environment_variable_create,
-        }),
-        ...(typeof org_environment_variable_update === 'boolean' && {
-          orgEnvironmentVariableUpdate: org_environment_variable_update,
-        }),
-        ...(typeof org_environment_variable_delete === 'boolean' && {
-          orgEnvironmentVariableDelete: org_environment_variable_delete,
-        }),
-        ...(typeof folder_delete === 'boolean' && { folderDelete: folder_delete }),
-        ...(typeof folder_update === 'boolean' && { folderUpdate: folder_update }),
-
-        ...(typeof org_environment_constant_create === 'boolean' && {
-          orgEnvironmentConstantCreate: org_environment_constant_create,
-        }),
-        ...(typeof org_environment_constant_delete === 'boolean' && {
-          orgEnvironmentConstantDelete: org_environment_constant_delete,
-        }),
-      };
-      if (Object.keys(groupPermissionUpdateParams).length !== 0) {
-        await manager.update(GroupPermission, groupPermissionId, groupPermissionUpdateParams);
-      }
-
-      // update app group permissions
-      if (remove_apps) {
-        if (groupPermission.group == 'admin') {
-          throw new BadRequestException('Cannot update admin group');
-        }
-        for (const appId of remove_apps) {
-          await manager.delete(AppGroupPermission, {
-            appId: appId,
-            groupPermissionId: groupPermissionId,
-          });
-        }
-      }
-
-      if (add_apps) {
-        if (groupPermission.group == 'admin') {
-          throw new BadRequestException('Cannot update admin group');
-        }
-        for (const appId of add_apps) {
-          await manager.save(
-            AppGroupPermission,
-            manager.create(AppGroupPermission, {
-              appId: appId,
-              groupPermissionId: groupPermissionId,
-              read: true,
-            })
-          );
-        }
-      }
-
-      // update user group permissions
-      if (remove_users) {
-        for (const userId of body.remove_users) {
-          const params = {
-            removeGroups: [groupPermission.group],
-          };
-          await this.usersService.update(userId, params, manager, user.organizationId);
-        }
-      }
-
-      if (add_users) {
-        for (const userId of body.add_users) {
-          const params = {
-            addGroups: [groupPermission.group],
-          };
-          await this.usersService.update(userId, params, manager, user.organizationId);
-        }
-      }
-    }, manager);
-  }
-
-  async findOne(user: User, groupPermissionId: string): Promise<GroupPermission> {
-    return this.groupPermissionsRepository.findOne({
-      where: {
-        organizationId: user.organizationId,
-        id: groupPermissionId,
-      },
-    });
-  }
-
-  async duplicateGroup(
-    user: User,
-    groupPermissionId: string,
-    body: DuplucateGroupDto,
-    manager?: EntityManager
-  ): Promise<GroupPermission> {
-    const groupToDuplicate = await this.findOne(user, groupPermissionId);
-    let newGroup: GroupPermission;
-
-    const { addPermission, addApps, addUsers } = body;
-
-    if (!groupToDuplicate) throw new BadRequestException('Wrong group id');
-
-    const existNameList = await createQueryBuilder()
-      .select(['group_permissions.group', 'group_permissions.id'])
-      .from(GroupPermission, 'group_permissions')
-      .where('group_permissions.group ~* :pattern', { pattern: `^${groupToDuplicate.group}_copy_[0-9]+$` })
-      .orWhere('group_permissions.group = :groupToDuplicateGroup', {
-        groupToDuplicateGroup: `${groupToDuplicate.group}_copy`,
-      })
-      .andWhere('group_permissions.id != :groupPermissionId', { groupPermissionId })
-      .andWhere('group_permissions.organizationId = :organizationId', { organizationId: user.organizationId })
-      .getMany();
-
-    let newName = `${groupToDuplicate.group}_copy`;
-    const number = getMaxCopyNumber(existNameList.map((group) => group.group));
-    if (number) newName = `${groupToDuplicate.group}_copy_${number}`;
-    await dbTransactionWrap(async (manager: EntityManager) => {
-      newGroup = manager.create(GroupPermission, {
-        organizationId: user.organizationId,
-        group: newName,
-      });
-      await manager.save(GroupPermission, newGroup);
-      if (addPermission) {
-        const {
-          appCreate,
-          appDelete,
-          folderCreate,
-          orgEnvironmentVariableCreate,
-          orgEnvironmentVariableUpdate,
-          orgEnvironmentVariableDelete,
-          orgEnvironmentConstantCreate,
-          orgEnvironmentConstantDelete,
-          folderDelete,
-          folderUpdate,
-        } = groupToDuplicate;
-
-        const updateParam = {
-          appCreate,
-          appDelete,
-          folderCreate,
-          orgEnvironmentVariableCreate,
-          orgEnvironmentVariableUpdate,
-          orgEnvironmentVariableDelete,
-          orgEnvironmentConstantCreate,
-          orgEnvironmentConstantDelete,
-          folderDelete,
-          folderUpdate,
-        };
-
-        await manager.update(GroupPermission, { id: newGroup.id }, updateParam);
-      }
-      const apps = await groupToDuplicate.apps;
-
-      if (addApps) {
-        for (const app of apps) {
-          const appGrpPermission = await this.appGroupPermissionsRepository.findOne({
-            where: {
-              appId: app.id,
-              groupPermissionId: groupToDuplicate.id,
-            },
-          });
-          if (appGrpPermission)
-            await manager.save(
-              AppGroupPermission,
-              manager.create(AppGroupPermission, {
-                appId: app.id,
-                groupPermissionId: newGroup.id,
-                read: appGrpPermission.read,
-                update: appGrpPermission.update,
-                delete: appGrpPermission.delete,
-                hideFromDashboard: appGrpPermission.hideFromDashboard,
-              })
-            );
-        }
-      }
-    }, manager);
-
-    if (addUsers) {
-      const usersGroup = await groupToDuplicate.users;
-      for (const userAdd of usersGroup) {
-        const params = {
-          addGroups: [newGroup.group],
-        };
-        await this.usersService.update(userAdd.id, params, manager, user.organizationId);
-      }
-    }
-
-    return newGroup;
-  }
-
-  async findAll(user: User): Promise<GroupPermission[]> {
-    const groupPermissions = await this.groupPermissionsRepository.find({
-      where: { organizationId: user.organizationId },
-      order: { createdAt: 'ASC' },
-    });
-
-    const customSortGroupPermission = (a, b) => {
-      if (a.group === 'all_users') {
-        return -1; // 'all_users' comes first
-      } else if (b.group === 'all_users') {
-        return 1; // 'all_users' comes first
-      } else if (a.group === 'admin') {
-        return -1; // 'admin' comes second
-      } else if (b.group === 'admin') {
-        return 1; // 'admin' comes second
-      } else {
-        return 0; // No specific order for other groups
-      }
-    };
-
-    return groupPermissions.sort(customSortGroupPermission);
-  }
-
-  async findApps(user: User, groupPermissionId: string): Promise<App[]> {
-    return createQueryBuilder(App, 'apps')
-      .innerJoinAndSelect('apps.groupPermissions', 'group_permissions')
-      .innerJoinAndSelect('apps.appGroupPermissions', 'app_group_permissions')
-      .where('group_permissions.id = :groupPermissionId', {
-        groupPermissionId,
-      })
-      .andWhere('group_permissions.organization_id = :organizationId', {
-        organizationId: user.organizationId,
-      })
-      .andWhere('app_group_permissions.group_permission_id = :groupPermissionId', { groupPermissionId })
-      .orderBy('apps.created_at', 'DESC')
-      .getMany();
-  }
-
-  async findAddableApps(user: User, groupPermissionId: string): Promise<App[]> {
-    const groupPermission = await this.groupPermissionsRepository.findOne({
-      where: {
-        id: groupPermissionId,
-        organizationId: user.organizationId,
-      },
-    });
-
-    const appsInGroup = await groupPermission.apps;
-    const appsInGroupIds = appsInGroup.map((u) => u.id);
-
-    return await this.appRepository.find({
-      where: {
-        id: Not(In(appsInGroupIds)),
-        organizationId: user.organizationId,
-      },
-      loadEagerRelations: false,
-      relations: ['groupPermissions', 'appGroupPermissions'],
-    });
-  }
-
-  async findUsers(user: User, groupPermissionId: string): Promise<User[]> {
-    return createQueryBuilder(User, 'users')
-      .select(['users.id', 'users.firstName', 'users.lastName', 'users.email'])
-      .innerJoin('users.groupPermissions', 'group_permissions')
-      .innerJoin('users.userGroupPermissions', 'user_group_permissions')
-      .where('group_permissions.id = :groupPermissionId', {
-        groupPermissionId,
-      })
-      .andWhere('group_permissions.organization_id = :organizationId', {
-        organizationId: user.organizationId,
-      })
-      .andWhere('user_group_permissions.group_permission_id = :groupPermissionId', { groupPermissionId })
-      .orderBy('users.created_at', 'DESC')
-      .getMany();
-  }
-
-  async findAddableUsers(user: User, groupPermissionId: string, searchInput: string): Promise<User[]> {
-    const groupPermission = await this.groupPermissionsRepository.findOne({
-      where: {
-        id: groupPermissionId,
-        organizationId: user.organizationId,
-      },
-    });
-
-    const userInGroup = await groupPermission.users;
-    const usersInGroupIds = userInGroup.map((u) => u.id);
-
-    const adminUsers = await createQueryBuilder(UserGroupPermission, 'user_group_permissions')
-      .innerJoin(
-        GroupPermission,
-        'group_permissions',
-        'group_permissions.id = user_group_permissions.group_permission_id'
-      )
-      .where('group_permissions.group = :group', { group: 'admin' })
-      .andWhere('group_permissions.organization_id = :organizationId', {
-        organizationId: user.organizationId,
-      })
-      .getMany();
-    const adminUserIds = adminUsers.map((u) => u.userId);
-
-    const getOrConditions = () => {
-      return new Brackets((qb) => {
-        if (searchInput) {
-          qb.orWhere('lower(user.email) like :email', {
-            email: `%${searchInput.toLowerCase()}%`,
-          });
-          qb.orWhere('lower(user.firstName) like :firstName', {
-            firstName: `%${searchInput.toLowerCase()}%`,
-          });
-          qb.orWhere('lower(user.lastName) like :lastName', {
-            lastName: `%${searchInput.toLowerCase()}%`,
-          });
-        }
-      });
-    };
-
-    const builtQuery = createQueryBuilder(User, 'user')
-      .select(['user.id', 'user.firstName', 'user.lastName', 'user.email'])
-      .innerJoin(
-        'user.organizationUsers',
-        'organization_users',
-        'organization_users.organizationId = :organizationId',
-        { organizationId: user.organizationId }
-      )
-      .where('user.id NOT IN (:...userList)', { userList: [...usersInGroupIds, ...adminUserIds] })
-      .andWhere(getOrConditions());
-
-    if (!searchInput) {
-      builtQuery.take(10); // Limiting to 10 users if there's no search input
-    }
-
-    builtQuery.orderBy('user.firstName');
-    return await builtQuery.getMany();
-  }
-
-  async createUserGroupPermission(userId: string, groupPermissionId: string, manager?: EntityManager) {
-    await dbTransactionWrap(async (manager: EntityManager) => {
-      await manager.save(
-        manager.create(UserGroupPermission, {
-          userId,
-          groupPermissionId,
-        })
-      );
-    }, manager);
-  }
-}
diff --git a/server/src/services/group_permissions.service.v2.ts b/server/src/services/group_permissions.service.v2.ts
new file mode 100644
index 0000000000..bd8b74eb99
--- /dev/null
+++ b/server/src/services/group_permissions.service.v2.ts
@@ -0,0 +1,278 @@
+import { Injectable, BadRequestException, MethodNotAllowedException } from '@nestjs/common';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import {
+  UpdateGroupPermissionDto,
+  CreateGroupPermissionDto,
+  AddGroupUserDto,
+  DuplicateGroupDto,
+} from '@dto/group_permissions.dto';
+import { User } from 'src/entities/user.entity';
+import {
+  USER_ROLE,
+  ERROR_HANDLER,
+  DATA_BASE_CONSTRAINTS,
+  GROUP_PERMISSIONS_TYPE,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { dbTransactionWrap, catchDbException } from 'src/helpers/utils.helper';
+import { EntityManager, getManager } from 'typeorm';
+import {
+  CreateDefaultGroupObject,
+  GetGroupUsersObject,
+  GetUsersResponse,
+} from '@module/user_resource_permissions/interface/group-permissions.interface';
+import { GroupUsers } from 'src/entities/group_users.entity';
+import {
+  getAllUserGroupsQuery,
+  getUserDetailQuery,
+  getUserInGroupQuery,
+  validateAddGroupUserOperation,
+  validateUpdateGroupOperation,
+} from '@module/user_resource_permissions/utility/group-permissions.utility';
+import { GroupPermissionsUtilityService } from '@module/user_resource_permissions/services/group-permissions.utility.service';
+import { getAllGranularPermissionQuery } from '@module/user_resource_permissions/utility/granular-permissios.utility';
+const _ = require('lodash');
+
+@Injectable()
+export class GroupPermissionsServiceV2 {
+  constructor(private groupPermissionsUtilityService: GroupPermissionsUtilityService) {}
+
+  /**
+   * Creates a new group permission for a specified organization.
+   *
+   * @param organizationId The ID of the organization for which the group permission is being created.
+   * @param createGroupObject An object containing the data to create the new group permission.
+   * @returns A Promise that resolves when the group permission is successfully created.
+   * @throws BadRequestException if the group name already exists in the USER_ROLE enum.
+   */
+  async create(
+    organizationId: string,
+    createGroupObject: CreateGroupPermissionDto | CreateDefaultGroupObject,
+    manager?: EntityManager
+  ): Promise<GroupPermissions> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await catchDbException(async () => {
+        const group = manager.create(GroupPermissions, { ...createGroupObject, organizationId });
+        return await manager.save(group);
+      }, [DATA_BASE_CONSTRAINTS.GROUP_NAME_UNIQUE]);
+    }, manager);
+  }
+
+  async getAllGroup(organizationId: string): Promise<GetUsersResponse> {
+    const manager: EntityManager = getManager();
+    const result = await manager.findAndCount(GroupPermissions, {
+      where: { organizationId },
+      order: { type: 'DESC' },
+    });
+    const response: GetUsersResponse = {
+      groupPermissions: result[0],
+      length: result[1],
+    };
+    return response;
+  }
+
+  async getGroup(id: string, manager?: EntityManager): Promise<{ group: GroupPermissions; isBuilderLevel: boolean }> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const [group, isBuilderLevelResourcePermissions] = await Promise.all([
+        manager.findOne(GroupPermissions, {
+          where: { id },
+        }),
+        await this.groupPermissionsUtilityService.checkIfBuilderLevelResourcesPermissions(id, manager),
+      ]);
+      const isBuilderLevelMainPermissions = Object.values(group).some(
+        (value) => typeof value === 'boolean' && value === true
+      );
+      const isBuilderLevel = isBuilderLevelResourcePermissions || isBuilderLevelMainPermissions;
+      return { group, isBuilderLevel };
+    }, manager);
+  }
+
+  async updateGroup(id: string, updateGroupPermissionDto: UpdateGroupPermissionDto, manager?: EntityManager) {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const { group } = await this.getGroup(id);
+      if (!group) throw new BadRequestException(ERROR_HANDLER.GROUP_NOT_EXIST);
+
+      validateUpdateGroupOperation(group, updateGroupPermissionDto);
+      const { allowRoleChange } = updateGroupPermissionDto;
+      delete updateGroupPermissionDto.allowRoleChange;
+      const keys = Object.keys(updateGroupPermissionDto);
+      const validatePermissionsUpdate = !(keys.length === 1 && keys.includes('name'));
+      const editPermissionsPresent = Object.keys(updateGroupPermissionDto).some(
+        (value) => typeof updateGroupPermissionDto?.[value] === 'boolean' && updateGroupPermissionDto?.[value] === true
+      );
+      if (validatePermissionsUpdate) {
+        const getEndUsersList = await this.groupPermissionsUtilityService.getRoleUsersList(
+          USER_ROLE.END_USER,
+          group.organizationId,
+          group.id
+        );
+
+        if (getEndUsersList.length && editPermissionsPresent) {
+          if (!allowRoleChange) {
+            throw new MethodNotAllowedException({
+              message: {
+                error: ERROR_HANDLER.UPDATE_EDITABLE_PERMISSION_END_USER_GROUP,
+                data: getEndUsersList?.map((user) => user.email),
+                title: 'Cannot add this permission to the group',
+                type: 'USER_ROLE_CHANGE',
+              },
+            });
+          }
+          await Promise.all(
+            getEndUsersList.map(async (userItem) => {
+              const currentRoleUser = userItem.userGroups[0].id;
+              const roleGroup = await this.groupPermissionsUtilityService.getRoleGroup(
+                USER_ROLE.BUILDER,
+                group.organizationId,
+                manager
+              );
+              await this.deleteGroupUser(currentRoleUser, manager);
+              const newUserRole = manager.create(GroupUsers, { groupId: roleGroup.id, userId: userItem.id });
+              await manager.save(newUserRole);
+            })
+          );
+        }
+      }
+      return await catchDbException(async () => {
+        await manager.update(GroupPermissions, id, updateGroupPermissionDto);
+      }, [DATA_BASE_CONSTRAINTS.GROUP_NAME_UNIQUE]);
+    }, manager);
+  }
+
+  async deleteGroup(id: string): Promise<void> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const { group } = await this.getGroup(id, manager);
+      if (group.type == GROUP_PERMISSIONS_TYPE.DEFAULT)
+        throw new BadRequestException(ERROR_HANDLER.DEFAULT_GROUP_UPDATE_NOT_ALLOWED);
+      return await manager.delete(GroupPermissions, id);
+    });
+  }
+
+  private async createGroupUser(user: User, group: GroupPermissions, manager?: EntityManager): Promise<GroupUsers> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await catchDbException(async () => {
+        const groupUser = manager.create(GroupUsers, { groupId: group.id, userId: user.id });
+        return await manager.save(groupUser);
+      }, [DATA_BASE_CONSTRAINTS.GROUP_USER_UNIQUE]);
+    }, manager);
+  }
+
+  async getAllGroupUsers(
+    getGroupUsersObject: GetGroupUsersObject,
+    searchInput?: string,
+    manager?: EntityManager
+  ): Promise<GroupUsers[]> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await getUserInGroupQuery(getGroupUsersObject, manager, searchInput).getMany();
+    }, manager);
+  }
+
+  async getGroupUser(id: string, manager?: EntityManager): Promise<GroupUsers> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await manager.findOne(GroupUsers, id, {
+        relations: ['group'],
+      });
+    }, manager);
+  }
+
+  async getAllUserGroups(userId: string, organizationId: string, manager?: EntityManager): Promise<GroupPermissions[]> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await getAllUserGroupsQuery(userId, organizationId, manager).getMany();
+    }, manager);
+  }
+
+  async deleteGroupUser(id: string, manager?: EntityManager): Promise<GroupUsers> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await manager.delete(GroupUsers, id);
+    }, manager);
+  }
+
+  async addGroupUsers(addGroupUserDto: AddGroupUserDto, organizationId: string, manager?: EntityManager) {
+    const { userIds, groupId, allowRoleChange } = addGroupUserDto;
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const { group, isBuilderLevel } = await this.getGroup(groupId, manager);
+      validateAddGroupUserOperation(group);
+      const editorRoleUsers = await this.groupPermissionsUtilityService.getRoleUsersList(
+        USER_ROLE.END_USER,
+        organizationId
+      );
+      const editorUsersToBeAdded = editorRoleUsers.filter((user) => userIds.includes(user.id));
+      if (isBuilderLevel && editorUsersToBeAdded.length) {
+        if (!allowRoleChange) {
+          throw new MethodNotAllowedException({
+            message: {
+              error: ERROR_HANDLER.UPDATE_EDITABLE_PERMISSION_END_USER_GROUP,
+              data: editorUsersToBeAdded?.map((user) => user.email),
+              title: 'Cannot add this permission to the group',
+              type: 'USER_ROLE_CHANGE_ADD_USERS',
+            },
+          });
+        }
+        await Promise.all(
+          editorUsersToBeAdded.map(async (userItem) => {
+            const currentRoleUser = userItem.userGroups[0].id;
+            const roleGroup = await this.groupPermissionsUtilityService.getRoleGroup(
+              USER_ROLE.BUILDER,
+              organizationId,
+              manager
+            );
+            await this.deleteGroupUser(currentRoleUser, manager);
+            const newUserRole = manager.create(GroupUsers, { groupId: roleGroup.id, userId: userItem.id });
+            await manager.save(newUserRole);
+          })
+        );
+      }
+      return await Promise.all(
+        userIds.map(async (userId) => {
+          const user = await getUserDetailQuery(userId, organizationId, manager).getOne();
+          if (!user) throw new BadRequestException(ERROR_HANDLER.ADD_GROUP_USER_NON_EXISTING_USER);
+          return await this.createGroupUser(user, group, manager);
+        })
+      );
+    }, manager);
+  }
+
+  async duplicateGroup(
+    groupId: string,
+    duplicateGroupDto: DuplicateGroupDto,
+    manager?: EntityManager
+  ): Promise<GroupPermissions> {
+    const { addApps, addPermission, addUsers } = duplicateGroupDto;
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const { group } = await this.getGroup(groupId, manager);
+      if (!group) throw new BadRequestException(ERROR_HANDLER.GROUP_NOT_EXIST);
+      const newGroup = await this.groupPermissionsUtilityService.duplicateGroup(group, addPermission, manager);
+      if (addUsers) {
+        const groupUsers = await this.getAllGroupUsers(
+          { groupId, organizationId: group.organizationId },
+          null,
+          manager
+        );
+        await Promise.all(
+          groupUsers.map(async (groupUser) => {
+            await this.createGroupUser(groupUser.user, newGroup, manager);
+          })
+        );
+      }
+      if (addApps) {
+        const allGranularPermissions = await getAllGranularPermissionQuery({ groupId }, manager).getMany();
+        await Promise.all(
+          allGranularPermissions.map(async (permissions) => {
+            //Deep cloning here cause the object will be updated in the function
+            const permissionsToDuplicate = _.cloneDeep(permissions);
+            const granularPermission = await this.groupPermissionsUtilityService.duplicateGranularPermissions(
+              permissionsToDuplicate,
+              newGroup.id,
+              manager
+            );
+            await this.groupPermissionsUtilityService.duplicateResourcePermissions(
+              permissions,
+              granularPermission.id,
+              manager
+            );
+          })
+        );
+      }
+      return newGroup;
+    }, manager);
+  }
+}
diff --git a/server/src/services/metadata.service.ts b/server/src/services/metadata.service.ts
index 2189646de8..4a57bade73 100644
--- a/server/src/services/metadata.service.ts
+++ b/server/src/services/metadata.service.ts
@@ -9,6 +9,10 @@ import { ConfigService } from '@nestjs/config';
 import { InternalTable } from 'src/entities/internal_table.entity';
 import { App } from 'src/entities/app.entity';
 import { DataSource } from 'src/entities/data_source.entity';
+import {
+  GROUP_PERMISSIONS_TYPE,
+  USER_ROLE,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
 
 @Injectable()
 export class MetadataService {
@@ -139,9 +143,15 @@ export class MetadataService {
     const userIdsWithEditPermissions = (
       await manager
         .createQueryBuilder(User, 'users')
-        .innerJoin('users.groupPermissions', 'group_permissions')
-        .innerJoin('group_permissions.appGroupPermission', 'app_group_permissions')
-        .where('app_group_permissions.read = true AND app_group_permissions.update = true')
+        .innerJoin('users.userPermissions', 'userPermissions', 'userPermissions.type = :type', {
+          type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+        })
+        .where('userPermissions.name = :role', {
+          role: USER_ROLE.BUILDER,
+        })
+        .orWhere('userPermissions.name = :role', {
+          role: USER_ROLE.ADMIN,
+        })
         .select('users.id')
         .distinct()
         .getMany()
@@ -158,12 +168,16 @@ export class MetadataService {
     return totalEditorCount;
   }
 
+  //change as per new permissions
   async fetchTotalViewerCount(manager: EntityManager) {
     return await manager
       .createQueryBuilder(User, 'users')
-      .innerJoin('users.groupPermissions', 'group_permissions')
-      .innerJoin('group_permissions.appGroupPermission', 'app_group_permissions')
-      .where('app_group_permissions.read = true AND app_group_permissions.update = false')
+      .innerJoin('users.userPermissions', 'userPermissions', 'userPermissions.type = :type', {
+        type: GROUP_PERMISSIONS_TYPE.DEFAULT,
+      })
+      .where('userPermissions.name = :role', {
+        role: USER_ROLE.END_USER,
+      })
       .select('users.id')
       .distinct()
       .getCount();
diff --git a/server/src/services/organization_users.service.ts b/server/src/services/organization_users.service.ts
index 53cc34409f..568b2a115a 100644
--- a/server/src/services/organization_users.service.ts
+++ b/server/src/services/organization_users.service.ts
@@ -1,13 +1,12 @@
 import { Injectable } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { User } from '../entities/user.entity';
-import { createQueryBuilder, DeepPartial, EntityManager, getRepository, Repository } from 'typeorm';
+import { DeepPartial, EntityManager, getRepository, Repository } from 'typeorm';
 import { UsersService } from 'src/services/users.service';
 import { OrganizationUser } from 'src/entities/organization_user.entity';
 import { BadRequestException } from '@nestjs/common';
 import { EmailService } from './email.service';
 import { Organization } from 'src/entities/organization.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
 import { dbTransactionWrap } from 'src/helpers/utils.helper';
 import { ConfigService } from '@nestjs/config';
 import { WORKSPACE_USER_SOURCE, WORKSPACE_USER_STATUS } from 'src/helpers/user_lifecycle';
@@ -59,18 +58,6 @@ export class OrganizationUsersService {
     }, manager);
   }
 
-  async changeRole(id: string, role: string) {
-    const organizationUser = await this.organizationUsersRepository.findOne({ where: { id } });
-    if (organizationUser.role == 'admin') {
-      const lastActiveAdmin = await this.lastActiveAdmin(organizationUser.organizationId);
-
-      if (lastActiveAdmin) {
-        throw new BadRequestException('Atleast one active admin is required.');
-      }
-    }
-    return await this.organizationUsersRepository.update(id, { role });
-  }
-
   async findByWorkspaceInviteToken(invitationToken: string): Promise<InvitedUserType> {
     const organizationUser = await getRepository(OrganizationUser)
       .createQueryBuilder('organizationUser')
@@ -133,7 +120,7 @@ export class OrganizationUsersService {
       relations: ['user'],
     });
 
-    await this.usersService.throwErrorIfRemovingLastActiveAdmin(organizationUser?.user, undefined, organizationId);
+    await this.usersService.throwErrorIfUserIsLastActiveAdmin(organizationUser?.user, organizationId);
     await this.organizationUsersRepository.update(id, {
       status: WORKSPACE_USER_STATUS.ARCHIVED,
       invitationToken: null,
@@ -229,20 +216,6 @@ export class OrganizationUsersService {
     return personalWorkspaceArray;
   }
 
-  async lastActiveAdmin(organizationId: string): Promise<boolean> {
-    const adminsCount = await this.activeAdminCount(organizationId);
-
-    return adminsCount <= 1;
-  }
-
-  async activeAdminCount(organizationId: string) {
-    return await createQueryBuilder(GroupPermission, 'group_permissions')
-      .innerJoin('group_permissions.userGroupPermission', 'user_group_permission')
-      .where('group_permissions.group = :admin', { admin: 'admin' })
-      .andWhere('group_permissions.organization = :organizationId', { organizationId })
-      .getCount();
-  }
-
   async organizationsCount(manager?: EntityManager) {
     return dbTransactionWrap(async (manager) => {
       return await manager
diff --git a/server/src/services/organizations.service.ts b/server/src/services/organizations.service.ts
index 134ab92e1d..5892bf3131 100644
--- a/server/src/services/organizations.service.ts
+++ b/server/src/services/organizations.service.ts
@@ -1,7 +1,6 @@
 import { BadRequestException, ConflictException, Injectable, NotAcceptableException } from '@nestjs/common';
 import * as csv from 'fast-csv';
 import { InjectRepository } from '@nestjs/typeorm';
-import { GroupPermission } from 'src/entities/group_permission.entity';
 import { Organization } from 'src/entities/organization.entity';
 import { SSOConfigs } from 'src/entities/sso_config.entity';
 import { User } from 'src/entities/user.entity';
@@ -17,7 +16,6 @@ import { Brackets, createQueryBuilder, DeepPartial, EntityManager, getManager, R
 import { OrganizationUser } from '../entities/organization_user.entity';
 import { EmailService } from './email.service';
 import { EncryptionService } from './encryption.service';
-import { GroupPermissionsService } from './group_permissions.service';
 import { OrganizationUsersService } from './organization_users.service';
 import { DataSourcesService } from './data_sources.service';
 import { UsersService } from './users.service';
@@ -30,15 +28,21 @@ import {
   USER_STATUS,
   WORKSPACE_USER_STATUS,
 } from 'src/helpers/user_lifecycle';
-import { decamelize } from 'humps';
 import { Response } from 'express';
 import { AppEnvironmentService } from './app_environments.service';
 import { DataBaseConstraints } from 'src/helpers/db_constraints.constants';
 import { OrganizationUpdateDto } from '@dto/organization.dto';
+import { UserRoleService } from './user-role.service';
+import {
+  GROUP_PERMISSIONS_TYPE,
+  USER_ROLE,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
 import { DataSourceScopes, DataSourceTypes } from 'src/helpers/data_source.constants';
 import { DataSource } from 'src/entities/data_source.entity';
 import { AppEnvironment } from 'src/entities/app_environments.entity';
 import { DataSourceOptions } from 'src/entities/data_source_options.entity';
+import { ERROR_HANDLER, ERROR_HANDLER_TITLE } from '@module/organizations/constant/constants';
+import { GroupPermissionsServiceV2 } from './group_permissions.service.v2';
 
 const MAX_ROW_COUNT = 500;
 
@@ -59,6 +63,7 @@ interface UserCsvRow {
   first_name: string;
   last_name: string;
   email: string;
+  role: string;
   groups?: any;
 }
 
@@ -83,11 +88,12 @@ export class OrganizationsService {
     private usersService: UsersService,
     private dataSourceService: DataSourcesService,
     private organizationUserService: OrganizationUsersService,
-    private groupPermissionService: GroupPermissionsService,
+    private groupPermissionService: GroupPermissionsServiceV2,
     private appEnvironmentService: AppEnvironmentService,
     private encryptionService: EncryptionService,
     private emailService: EmailService,
-    private configService: ConfigService
+    private configService: ConfigService,
+    private userRoleService: UserRoleService
   ) {}
 
   async create(name: string, slug: string, user: User, manager?: EntityManager): Promise<Organization> {
@@ -112,17 +118,11 @@ export class OrganizationsService {
 
       await this.appEnvironmentService.createDefaultEnvironments(organization.id, manager);
 
-      const createdGroupPermissions: GroupPermission[] = await this.createDefaultGroupPermissionsForOrganization(
-        organization,
-        manager
-      );
+      await this.userRoleService.createDefaultGroups(organization.id, manager);
 
       if (user) {
         await this.organizationUserService.create(user, organization, false, manager);
-
-        for (const groupPermission of createdGroupPermissions) {
-          await this.groupPermissionService.createUserGroupPermission(user.id, groupPermission.id, manager);
-        }
+        await this.userRoleService.addUserRole({ role: USER_ROLE.ADMIN, userId: user.id }, organization.id, manager);
       }
     }, manager);
 
@@ -178,34 +178,6 @@ export class OrganizationsService {
     return await this.organizationsRepository.findOne({ relations: ['ssoConfigs'] });
   }
 
-  async createDefaultGroupPermissionsForOrganization(organization: Organization, manager?: EntityManager) {
-    const defaultGroups = ['all_users', 'admin'];
-
-    return await dbTransactionWrap(async (manager: EntityManager) => {
-      const createdGroupPermissions: GroupPermission[] = [];
-      for (const group of defaultGroups) {
-        const isAdmin = group === 'admin';
-        const groupPermission = manager.create(GroupPermission, {
-          organizationId: organization.id,
-          group: group,
-          appCreate: isAdmin,
-          appDelete: isAdmin,
-          folderCreate: isAdmin,
-          orgEnvironmentVariableCreate: isAdmin,
-          orgEnvironmentVariableUpdate: isAdmin,
-          orgEnvironmentVariableDelete: isAdmin,
-          orgEnvironmentConstantCreate: isAdmin,
-          orgEnvironmentConstantDelete: isAdmin,
-          folderUpdate: isAdmin,
-          folderDelete: isAdmin,
-        });
-        await manager.save(groupPermission);
-        createdGroupPermissions.push(groupPermission);
-      }
-      return createdGroupPermissions;
-    }, manager);
-  }
-
   async fetchUsersByValue(user: User, searchInput: string): Promise<any> {
     if (!searchInput) {
       return [];
@@ -266,9 +238,9 @@ export class OrganizationsService {
     const query = createQueryBuilder(OrganizationUser, 'organization_user')
       .innerJoinAndSelect('organization_user.user', 'user')
       .innerJoinAndSelect(
-        'user.groupPermissions',
-        'group_permissions',
-        'group_permissions.organization_id = :organizationId',
+        'user.userPermissions',
+        'userPermissions',
+        'userPermissions.organizationId = :organizationId',
         {
           organizationId: organizationId,
         }
@@ -290,6 +262,9 @@ export class OrganizationsService {
       .getMany();
 
     return organizationUsers?.map((orgUser) => {
+      //Change as per new group permissions
+      const role = orgUser.user.userPermissions.filter((group) => group.type === GROUP_PERMISSIONS_TYPE.DEFAULT);
+      const groups = orgUser.user.userPermissions.filter((group) => group.type === GROUP_PERMISSIONS_TYPE.CUSTOM_GROUP);
       return {
         email: orgUser.user.email,
         firstName: orgUser.user.firstName ?? '',
@@ -300,7 +275,8 @@ export class OrganizationsService {
         role: orgUser.role,
         status: orgUser.status,
         avatarId: orgUser.user.avatarId,
-        groups: orgUser.user.groupPermissions.map((groupPermission) => groupPermission.group),
+        groups: groups.map((groupPermission) => ({ name: groupPermission.name, id: groupPermission.id })),
+        roleGroup: role.map((groupPermission) => ({ name: groupPermission.name, id: groupPermission.id })),
         ...(orgUser.invitationToken ? { invitationToken: orgUser.invitationToken } : {}),
         ...(this.configService.get<string>('HIDE_ACCOUNT_SETUP_LINK') !== 'true' && orgUser.user.invitationToken
           ? { accountSetupToken: orgUser.user.invitationToken }
@@ -595,11 +571,10 @@ export class OrganizationsService {
       email: inviteNewUserDto.email,
       ...getUserStatusAndSource(lifecycleEvents.USER_INVITE),
     };
-    const groups = inviteNewUserDto.groups ?? [];
-
+    const groups = inviteNewUserDto?.groups;
+    const role = inviteNewUserDto.role;
     return await dbTransactionWrap(async (manager: EntityManager) => {
       let user = await this.usersService.findByEmail(userParams.email, undefined, undefined, manager);
-
       if (user?.status === USER_STATUS.ARCHIVED) {
         throw new BadRequestException(getUserErrorMessages(user.status));
       }
@@ -607,7 +582,12 @@ export class OrganizationsService {
         shouldSendWelcomeMail = false;
 
       if (user?.organizationUsers?.some((ou) => ou.organizationId === currentUser.organizationId)) {
-        throw new BadRequestException('Duplicate email found. Please provide a unique email address.');
+        throw new BadRequestException({
+          message: {
+            error: ERROR_HANDLER.DUPLICATE_EMAIL_PRESENT,
+            title: ERROR_HANDLER_TITLE.DUPLICATE_EMAIL_PRESENT,
+          },
+        });
       }
 
       if (user?.invitationToken) {
@@ -633,17 +613,21 @@ export class OrganizationsService {
       user = await this.usersService.create(
         userParams,
         currentUser.organizationId,
-        ['all_users', ...groups],
+        role,
         user,
         true,
         defaultOrganization?.id,
         manager
       );
-
       if (defaultOrganization) {
         // Setting up default organization
         await this.organizationUserService.create(user, defaultOrganization, true, manager);
-        await this.usersService.attachUserGroup(['all_users', 'admin'], defaultOrganization.id, user.id, manager);
+
+        await this.userRoleService.addUserRole(
+          { userId: user.id, role: USER_ROLE.END_USER },
+          defaultOrganization.id,
+          manager
+        );
       }
 
       const currentOrganization: Organization = await this.organizationsRepository.findOneOrFail({
@@ -657,6 +641,7 @@ export class OrganizationsService {
         manager
       );
 
+      await this.usersService.attachUserGroup(groups, currentOrganization.id, user.id, manager);
       const name = fullName(currentUser.firstName, currentUser.lastName);
       if (shouldSendWelcomeMail) {
         this.emailService
@@ -686,14 +671,8 @@ export class OrganizationsService {
     }, manager);
   }
 
-  decamelizeDefaultGroupNames(groups: string) {
-    return groups?.length
-      ? groups
-          .split('|')
-          .map((group: string) =>
-            group === 'All Users' || group === 'Admin' ? decamelize(group.replace(' ', '')) : group
-          )
-      : [];
+  createGroupsList(groups: string) {
+    return groups?.length ? groups.split('|') : [];
   }
 
   async inviteUserswrapper(users, currentUser: User): Promise<void> {
@@ -704,6 +683,19 @@ export class OrganizationsService {
     });
   }
 
+  convertUserRolesCasing(role: string) {
+    switch (role) {
+      case 'End User':
+        return 'end-user';
+      case 'Builder':
+        return 'builder';
+      case 'Admin':
+        return 'admin';
+      default:
+        break;
+    }
+  }
+
   async bulkUploadUsers(currentUser: User, fileStream, res: Response) {
     const users = [];
     const existingUsers = [];
@@ -711,28 +703,30 @@ export class OrganizationsService {
     const invalidRows = [];
     const invalidFields = new Set();
     const invalidGroups = [];
-    let isUserInOtherGroupsAndAdmin = false;
     const emailPattern = /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i;
     const manager = getManager();
-
-    const groupPermissions = await this.groupPermissionService.findAll(currentUser);
-    const existingGroups = groupPermissions.map((groupPermission) => groupPermission.group);
-
+    const invalidRoles = [];
+    const groupPermissions = (await this.groupPermissionService.getAllGroup(currentUser.organizationId))
+      .groupPermissions;
+    const existingGroups = groupPermissions.map((groupPermission) => groupPermission.name);
     csv
       .parseString(fileStream.toString(), {
-        headers: ['first_name', 'last_name', 'email', 'groups'],
+        headers: ['first_name', 'last_name', 'email', 'groups', 'role'],
         renameHeaders: true,
         ignoreEmpty: true,
       })
       .transform((row: UserCsvRow, next) => {
         return next(null, {
           ...row,
-          groups: this.decamelizeDefaultGroupNames(row?.groups),
+          groups: this.createGroupsList(row?.groups),
+          role: this.convertUserRolesCasing(row?.role),
         });
       })
       .validate(async (data: UserCsvRow, next) => {
         await dbTransactionWrap(async (manager: EntityManager) => {
           //Check for existing users
+
+          let isInvalidRole = false;
           const user = await this.usersService.findByEmail(data?.email, undefined, undefined, manager);
 
           if (user?.status === USER_STATUS.ARCHIVED) {
@@ -748,23 +742,22 @@ export class OrganizationsService {
 
           if (Array.isArray(receivedGroups)) {
             for (const group of receivedGroups) {
-              if (group === 'admin' && receivedGroups.includes('all_users') && receivedGroups.length > 2) {
-                isUserInOtherGroupsAndAdmin = true;
-                break;
-              }
-
               if (existingGroups.indexOf(group) === -1) {
                 invalidGroups.push(group);
               }
             }
           }
 
+          if (!Object.values(USER_ROLE).includes(data?.role as USER_ROLE)) {
+            invalidRoles.push(data?.role);
+            isInvalidRole = true;
+          }
+
           data.first_name = data.first_name?.trim();
           data.last_name = data.last_name?.trim();
 
           const isValidName = data.first_name !== '' || data.last_name !== '';
-
-          return next(null, isValidName && emailPattern.test(data.email) && receivedGroups?.length > 0);
+          return next(null, isValidName && emailPattern.test(data.email) && !isInvalidRole);
         }, manager);
       })
       .on('data', function () {})
@@ -792,18 +785,16 @@ export class OrganizationsService {
             throw new BadRequestException(errorMsg);
           }
 
-          if (isUserInOtherGroupsAndAdmin) {
-            throw new BadRequestException(
-              'Conflicting Group Memberships: User cannot be in both the Admin group and other groups simultaneously.'
-            );
-          }
-
           if (invalidGroups.length) {
             throw new BadRequestException(
               `${invalidGroups.length} group${isPlural(invalidGroups)} doesn't exist. No users were uploaded`
             );
           }
 
+          if (invalidRoles.length > 0) {
+            throw new BadRequestException('Invalid role present for the users');
+          }
+
           if (archivedUsers.length) {
             throw new BadRequestException(
               `User${isPlural(archivedUsers)} with email ${archivedUsers.join(
diff --git a/server/src/services/permissions-ability.service.ts b/server/src/services/permissions-ability.service.ts
new file mode 100644
index 0000000000..311a9ae33a
--- /dev/null
+++ b/server/src/services/permissions-ability.service.ts
@@ -0,0 +1,90 @@
+import { Injectable } from '@nestjs/common';
+import { User } from 'src/entities/user.entity';
+import { EntityManager } from 'typeorm';
+import { dbTransactionWrap } from '@helpers/utils.helper';
+import { USER_ROLE } from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import {
+  DEFAULT_USER_APPS_PERMISSIONS,
+  DEFAULT_USER_PERMISSIONS,
+} from '@module/permissions/constants/permissions-ability.constant';
+import {
+  ResourcePermissionQueryObject,
+  UserAppsPermissions,
+  UserPermissions,
+} from '@module/permissions/interface/permissions-ability.interface';
+import { GranularPermissions } from 'src/entities/granular_permissions.entity';
+import { TOOLJET_RESOURCE } from 'src/constants/global.constant';
+import { getUserPermissionsQuery } from '@module/permissions/utility/permission-ability.utility';
+import { App } from 'src/entities/app.entity';
+
+@Injectable()
+export class AbilityService {
+  constructor() {}
+
+  async getResourcePermission(
+    user: User,
+    resourcePermissionsObject: ResourcePermissionQueryObject,
+    manager?: EntityManager
+  ): Promise<GroupPermissions[]> {
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      return await getUserPermissionsQuery(user.id, resourcePermissionsObject, manager).getMany();
+    }, manager);
+  }
+
+  async resourceActionsPermission(
+    user: User,
+    resourcePermissionsObject: ResourcePermissionQueryObject
+  ): Promise<UserPermissions> {
+    const permissions = await this.getResourcePermission(user, resourcePermissionsObject);
+
+    const adminGroup = permissions.find((group) => group.name === USER_ROLE.ADMIN);
+    const appsGranularPermissions = permissions.flatMap((item) => item.groupGranularPermissions);
+    const userPermissions: UserPermissions = permissions.reduce((acc, group) => {
+      return {
+        isAdmin: !!adminGroup,
+        appCreate: acc.appCreate || group.appCreate,
+        appDelete: acc.appDelete || group.appDelete,
+        folderCRUD: acc.folderCRUD || group.folderCRUD,
+        orgConstantCRUD: acc.folderCRUD || group.folderCRUD,
+        orgVariableCRUD: acc.orgVariableCRUD,
+      };
+    }, DEFAULT_USER_PERMISSIONS);
+    const { resources } = resourcePermissionsObject;
+    if (resources && resources.some((item) => item.resource === TOOLJET_RESOURCE.APP)) {
+      userPermissions[TOOLJET_RESOURCE.APP] = await this.createUserAppsPermissions(appsGranularPermissions, user);
+    }
+    return userPermissions;
+  }
+
+  private async createUserAppsPermissions(
+    appsGranularPermissions: GranularPermissions[],
+    user: User
+  ): Promise<UserAppsPermissions> {
+    const userAppsPermissions: UserAppsPermissions = appsGranularPermissions.reduce((acc, permission) => {
+      const appsPermission = permission?.appsGroupPermissions;
+      const groupApps = appsPermission?.groupApps ? appsPermission.groupApps.map((item) => item.appId) : [];
+      return {
+        isAllEditable: acc.isAllEditable || (permission.isAll && appsPermission?.canEdit),
+        editableAppsId: Array.from(new Set([...acc.editableAppsId, ...(appsPermission?.canEdit ? groupApps : [])])),
+        isAllViewable: acc.isAllViewable || (permission.isAll && appsPermission?.canView),
+        viewableAppsId: Array.from(new Set([...acc.viewableAppsId, ...(appsPermission?.canView ? groupApps : [])])),
+        hiddenAppsId: Array.from(
+          new Set([...acc.hiddenAppsId, ...(appsPermission?.hideFromDashboard ? groupApps : [])])
+        ),
+        hideAll: acc.hideAll || (appsPermission.hideFromDashboard && permission.isAll),
+      };
+    }, DEFAULT_USER_APPS_PERMISSIONS);
+    await dbTransactionWrap(async (manager: EntityManager) => {
+      const appsOwnedByUser = await manager.find(App, {
+        where: { userId: user.id, organizationId: user.organizationId },
+      });
+      const appsIdOwnedByUser = appsOwnedByUser.map((app) => app.id);
+      userAppsPermissions.editableAppsId = Array.from(
+        new Set([...userAppsPermissions.editableAppsId, ...appsIdOwnedByUser])
+      );
+    });
+
+    return userAppsPermissions;
+  }
+}
diff --git a/server/src/services/seeds.service.ts b/server/src/services/seeds.service.ts
index bcfb7f1f1d..b2cb47ea49 100644
--- a/server/src/services/seeds.service.ts
+++ b/server/src/services/seeds.service.ts
@@ -3,15 +3,15 @@ import { EntityManager } from 'typeorm/entity-manager/EntityManager';
 import { User } from '../entities/user.entity';
 import { Organization } from '../entities/organization.entity';
 import { OrganizationUser } from '../entities/organization_user.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
 import { AppEnvironment } from 'src/entities/app_environments.entity';
-import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
 import { USER_STATUS, WORKSPACE_USER_STATUS } from 'src/helpers/user_lifecycle';
 import { defaultAppEnvironments } from 'src/helpers/utils.helper';
+import { UserRoleService } from './user-role.service';
+import { USER_ROLE } from '@module/user_resource_permissions/constants/group-permissions.constant';
 
 @Injectable()
 export class SeedsService {
-  constructor(private readonly entityManager: EntityManager) {}
+  constructor(private readonly entityManager: EntityManager, private userRoleService: UserRoleService) {}
 
   async perform(): Promise<void> {
     await this.entityManager.transaction(async (manager) => {
@@ -85,10 +85,10 @@ export class SeedsService {
       await manager.save(testUserOrganization);
       // Save Test user organization mapping
 
-      await this.createDefaultUserGroups(manager, user);
+      await this.createDefaultUserGroups(manager, user, USER_ROLE.ADMIN);
+      await this.createDefaultUserGroups(manager, testUser, USER_ROLE.BUILDER);
 
       // Adding test user to group
-      this.addToGroup(manager, testUser);
 
       console.log(
         'Seeding complete. Use default credentials to login.\n' + 'email: dev@tooljet.io\n' + 'password: password'
@@ -96,49 +96,9 @@ export class SeedsService {
     });
   }
 
-  async createDefaultUserGroups(manager: EntityManager, user: User): Promise<void> {
-    const defaultGroups = ['all_users', 'admin'];
-    for (const group of defaultGroups) {
-      await this.createGroupAndAssociateUser(group, manager, user);
-    }
-  }
-
-  async addToGroup(manager: EntityManager, user: User): Promise<void> {
-    const defaultGroups = ['all_users'];
-    for (const group of defaultGroups) {
-      await this.createGroupAndAssociateUser(group, manager, user);
-    }
-  }
-
-  async createGroupAndAssociateUser(group: string, manager: EntityManager, user: User): Promise<void> {
-    let groupPermission = await manager.findOne(GroupPermission, {
-      where: { organizationId: user.organizationId, group: group },
-    });
-
-    if (!groupPermission) {
-      groupPermission = manager.create(GroupPermission, {
-        organizationId: user.organizationId,
-        group: group,
-        appCreate: group == 'admin',
-        appDelete: group == 'admin',
-        folderCreate: group == 'admin',
-        orgEnvironmentVariableCreate: group == 'admin',
-        orgEnvironmentVariableUpdate: group == 'admin',
-        orgEnvironmentVariableDelete: group == 'admin',
-        orgEnvironmentConstantCreate: group == 'admin',
-        orgEnvironmentConstantDelete: group == 'admin',
-        folderUpdate: group == 'admin',
-        folderDelete: group == 'admin',
-      });
-      await manager.save(groupPermission);
-    }
-
-    const userGroupPermission = manager.create(UserGroupPermission, {
-      groupPermissionId: groupPermission.id,
-      userId: user.id,
-    });
-
-    await manager.save(userGroupPermission);
+  async createDefaultUserGroups(manager: EntityManager, user: User, role: USER_ROLE): Promise<void> {
+    if (role === USER_ROLE.ADMIN) await this.userRoleService.createDefaultGroups(user.organizationId, manager);
+    await this.userRoleService.addUserRole({ role, userId: user.id }, user.organizationId, manager);
   }
 
   async createDefaultEnvironments(organizationId: string, manager: EntityManager) {
diff --git a/server/src/services/user-role.service.ts b/server/src/services/user-role.service.ts
new file mode 100644
index 0000000000..a2de5c8b5e
--- /dev/null
+++ b/server/src/services/user-role.service.ts
@@ -0,0 +1,148 @@
+import { Injectable, BadRequestException } from '@nestjs/common';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
+import { EditUserRoleDto } from '@dto/group_permissions.dto';
+import { User } from 'src/entities/user.entity';
+import {
+  USER_ROLE,
+  ERROR_HANDLER,
+  DEFAULT_GROUP_PERMISSIONS,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { dbTransactionWrap } from 'src/helpers/utils.helper';
+import { EntityManager } from 'typeorm';
+import { GroupUsers } from 'src/entities/group_users.entity';
+import { GranularPermissionsService } from './granular_permissions.service';
+import {
+  DEFAULT_GRANULAR_PERMISSIONS_NAME,
+  DEFAULT_RESOURCE_PERMISSIONS,
+  ResourceType,
+} from '@module/user_resource_permissions/constants/granular-permissions.constant';
+import { CreateResourcePermissionObject } from '@module/user_resource_permissions/interface/granular-permissions.interface';
+import { GroupPermissionsServiceV2 } from './group_permissions.service.v2';
+import { AddUserRoleObject } from '@module/user_resource_permissions/interface/group-permissions.interface';
+import { GroupPermissionsUtilityService } from '@module/user_resource_permissions/services/group-permissions.utility.service';
+import { App } from 'src/entities/app.entity';
+
+@Injectable()
+export class UserRoleService {
+  constructor(
+    private groupPermissionsService: GroupPermissionsServiceV2,
+    private granularPermissionsService: GranularPermissionsService,
+    private groupPermissionsUtilityService: GroupPermissionsUtilityService
+  ) {}
+
+  async createDefaultGroups(organizationId: string, manager?: EntityManager): Promise<void> {
+    const defaultGroups: GroupPermissions[] = [];
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      // Create all default group
+      for (const defaultGroup of Object.keys(USER_ROLE)) {
+        const newGroup = await this.groupPermissionsService.create(
+          organizationId,
+          DEFAULT_GROUP_PERMISSIONS[defaultGroup],
+          manager
+        );
+        defaultGroups.push(newGroup);
+      }
+
+      //Add granular permissions to default group
+      for (const group of defaultGroups) {
+        const groupGranularPermissions: Record<ResourceType, CreateResourcePermissionObject> =
+          DEFAULT_RESOURCE_PERMISSIONS[group.name];
+        for (const resource of Object.keys(groupGranularPermissions)) {
+          const createResourcePermissionObj: CreateResourcePermissionObject = groupGranularPermissions[resource];
+          const dtoObject = {
+            name: DEFAULT_GRANULAR_PERMISSIONS_NAME[resource],
+            groupId: group.id,
+            type: resource as ResourceType,
+            isAll: true,
+            createAppsPermissionsObject: {},
+          };
+          await this.granularPermissionsService.create(
+            {
+              createGranularPermissionDto: dtoObject,
+              organizationId,
+            },
+            createResourcePermissionObj,
+            manager
+          );
+        }
+      }
+    }, manager);
+  }
+
+  async getRoleGroup(role: USER_ROLE, organizationId: string, manager?: EntityManager) {
+    return await dbTransactionWrap(async (manager) => {
+      return await this.groupPermissionsUtilityService.getRoleGroup(role, organizationId, manager);
+    }, manager);
+  }
+
+  async editDefaultGroupUserRole(
+    editRoleDto: EditUserRoleDto,
+    organizationId: string,
+    manager?: EntityManager
+  ): Promise<void> {
+    const { newRole, userId } = editRoleDto;
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const userRole = await this.groupPermissionsUtilityService.getUserRole(userId, organizationId);
+      if (!userRole) throw new BadRequestException(ERROR_HANDLER.ADD_GROUP_USER_NON_EXISTING_USER);
+      const userGroup = userRole.groupUsers[0];
+      if (userRole.name == newRole)
+        throw new BadRequestException(ERROR_HANDLER.DEFAULT_GROUP_ADD_USER_ROLE_EXIST(newRole));
+
+      if (userRole.name == USER_ROLE.ADMIN) {
+        const groupUsers = await this.groupPermissionsService.getAllGroupUsers(
+          { groupId: userRole.id, organizationId },
+          null,
+          manager
+        );
+        if (groupUsers.length < 2)
+          throw new BadRequestException({
+            message: {
+              error: ERROR_HANDLER.EDITING_LAST_ADMIN_ROLE_NOT_ALLOWED,
+              title: 'Can not remove last active admin',
+            },
+          });
+      }
+      if (newRole == USER_ROLE.END_USER) {
+        const userCreatedApps = await manager.find(App, {
+          where: {
+            userId: userId,
+            organizationId: organizationId,
+          },
+        });
+        if (userCreatedApps.length > 0) {
+          const user = await manager.findOne(User, userGroup.userId);
+          throw new BadRequestException({
+            message: {
+              error: ERROR_HANDLER.USER_IS_OWNER_OF_APPS(user.email),
+              data: userCreatedApps.map((app) => app.name),
+              title: 'Can not change user role',
+            },
+          });
+        }
+      }
+      await this.groupPermissionsService.deleteGroupUser(userGroup.id, manager);
+      if (newRole == USER_ROLE.END_USER) {
+        const userGroups = await this.groupPermissionsService.getAllUserGroups(userId, organizationId);
+
+        for (const customUserGroup of userGroups) {
+          const editPermissionsPresent = await this.groupPermissionsUtilityService.isEditableGroup(
+            customUserGroup,
+            manager
+          );
+          const groupUsers = customUserGroup.groupUsers;
+          if (editPermissionsPresent) await this.groupPermissionsService.deleteGroupUser(groupUsers[0].id, manager);
+        }
+      }
+      await this.addUserRole({ role: newRole, userId }, organizationId, manager);
+    }, manager);
+  }
+
+  async addUserRole(addUserRoleObject: AddUserRoleObject, organizationId: string, manager?: EntityManager) {
+    const { role, userId } = addUserRoleObject;
+    return await dbTransactionWrap(async (manager: EntityManager) => {
+      const roleGroup = await this.getRoleGroup(role, organizationId, manager);
+      const newUserRole = manager.create(GroupUsers, { groupId: roleGroup.id, userId });
+      await manager.save(newUserRole);
+    }, manager);
+  }
+}
diff --git a/server/src/services/users.service.ts b/server/src/services/users.service.ts
index 99f1ea23cb..1f60ef21b4 100644
--- a/server/src/services/users.service.ts
+++ b/server/src/services/users.service.ts
@@ -3,26 +3,37 @@ import { InjectRepository } from '@nestjs/typeorm';
 import { User } from '../entities/user.entity';
 import { FilesService } from '../services/files.service';
 import { App } from 'src/entities/app.entity';
-import { createQueryBuilder, EntityManager, getRepository, In, Repository } from 'typeorm';
-import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
-import { UserGroupPermission } from 'src/entities/user_group_permission.entity';
-import { GroupPermission } from 'src/entities/group_permission.entity';
+import { EntityManager, Repository } from 'typeorm';
 import { BadRequestException } from '@nestjs/common';
 import { cleanObject, dbTransactionWrap } from 'src/helpers/utils.helper';
 import { CreateFileDto } from '@dto/create-file.dto';
 import { WORKSPACE_USER_STATUS } from 'src/helpers/user_lifecycle';
+import {
+  GROUP_PERMISSIONS_TYPE,
+  USER_ROLE,
+} from '@module/user_resource_permissions/constants/group-permissions.constant';
+import { GroupPermissionsServiceV2 } from './group_permissions.service.v2';
+import { UserRoleService } from './user-role.service';
+import { validateDeleteGroupUserOperation } from '@module/user_resource_permissions/utility/group-permissions.utility';
+import { GroupPermissionsUtilityService } from '@module/user_resource_permissions/services/group-permissions.utility.service';
 import { Organization } from 'src/entities/organization.entity';
+import { GroupPermissions } from 'src/entities/group_permissions.entity';
 const uuid = require('uuid');
 const bcrypt = require('bcrypt');
 
 @Injectable()
 export class UsersService {
+  //Whole user service wherever group permissions are used need to be changed
   constructor(
     private readonly filesService: FilesService,
     @InjectRepository(User)
     private usersRepository: Repository<User>,
     @InjectRepository(App)
     private appsRepository: Repository<App>,
+
+    private groupPermissionsService: GroupPermissionsServiceV2,
+    private userRoleService: UserRoleService,
+    private groupPermissionsUtilityService: GroupPermissionsUtilityService,
     @InjectRepository(Organization)
     private organizationsRepository: Repository<Organization>
   ) {}
@@ -86,7 +97,7 @@ export class UsersService {
   async create(
     userParams: Partial<User>,
     organizationId: string,
-    groups?: string[],
+    role: USER_ROLE,
     existingUser?: User,
     isInvite?: boolean,
     defaultOrganizationId?: string,
@@ -114,36 +125,46 @@ export class UsersService {
       } else {
         user = existingUser;
       }
-      await this.attachUserGroup(groups, organizationId, user.id, manager);
+      if (defaultOrganizationId) {
+        await this.userRoleService.addUserRole(
+          { role: USER_ROLE.ADMIN, userId: user.id },
+          defaultOrganizationId,
+          manager
+        );
+      }
+      await this.userRoleService.addUserRole({ role, userId: user.id }, organizationId, manager);
     }, manager);
 
     return user;
   }
 
-  async attachUserGroup(groups, organizationId, userId, manager?: EntityManager) {
+  async attachUserGroup(
+    groups: string[],
+    organizationId: string,
+    userId: string,
+    manager?: EntityManager
+  ): Promise<void> {
+    if (!groups) return;
     await dbTransactionWrap(async (manager: EntityManager) => {
-      for (const group of groups) {
-        const orgGroupPermission = await manager.findOne(GroupPermission, {
-          where: {
-            organizationId: organizationId,
-            group: group,
-          },
-        });
-
-        if (!orgGroupPermission) {
-          throw new BadRequestException(`${group} group does not exist for current organization`);
-        }
-        const userGroupPermission = manager.create(UserGroupPermission, {
-          groupPermissionId: orgGroupPermission.id,
-          userId: userId,
-        });
-        await manager.save(userGroupPermission);
-      }
+      if (groups?.length)
+        await this.groupPermissionsUtilityService.validateEditUserGroupPermissionsAddition(
+          { userId, groupsToAddIds: groups, organizationId },
+          manager
+        );
+      await Promise.all(
+        groups.map(async (groupId) => {
+          await this.groupPermissionsService.addGroupUsers(
+            { userIds: [userId], groupId, allowRoleChange: false },
+            organizationId,
+            manager
+          );
+        })
+      );
     }, manager);
   }
 
   async update(userId: string, params: any, manager?: EntityManager, organizationId?: string) {
-    const { forgotPasswordToken, password, firstName, lastName, addGroups, removeGroups, source } = params;
+    const { forgotPasswordToken, password, firstName, lastName, addGroups, removeGroups, source, role } = params;
 
     const hashedPassword = password ? bcrypt.hashSync(password, 10) : undefined;
 
@@ -161,8 +182,10 @@ export class UsersService {
     return await dbTransactionWrap(async (manager: EntityManager) => {
       await manager.update(User, userId, updatableParams);
       const user = await manager.findOne(User, { where: { id: userId } });
+
       await this.removeUserGroupPermissionsIfExists(manager, user, removeGroups, organizationId);
-      await this.addUserGroupPermissions(manager, user, addGroups, organizationId);
+      if (role) await this.userRoleService.editDefaultGroupUserRole({ userId, newRole: role }, organizationId, manager);
+      await this.attachUserGroup(addGroups, organizationId, userId, manager);
       return user;
     }, manager);
   }
@@ -176,231 +199,51 @@ export class UsersService {
     }, manager);
   }
 
-  async addUserGroupPermissions(manager: EntityManager, user: User, addGroups: string[], organizationId?: string) {
-    const orgId = organizationId || user.defaultOrganizationId;
-    if (addGroups) {
-      const orgGroupPermissions = await this.groupPermissionsForOrganization(orgId);
-
-      for (const group of addGroups) {
-        const orgGroupPermission = orgGroupPermissions.find((permission) => permission.group == group);
-
-        if (!orgGroupPermission) {
-          throw new BadRequestException(`${group} group does not exist for current organization`);
-        }
-        await dbTransactionWrap(async (manager: EntityManager) => {
-          const userGroupPermission = manager.create(UserGroupPermission, {
-            groupPermissionId: orgGroupPermission.id,
-            userId: user.id,
-          });
-          await manager.save(userGroupPermission);
-        }, manager);
-      }
-    }
-  }
-
   async removeUserGroupPermissionsIfExists(
     manager: EntityManager,
     user: User,
     removeGroups: string[],
     organizationId?: string
-  ) {
+  ): Promise<void> {
     const orgId = organizationId || user.defaultOrganizationId;
-    if (removeGroups) {
-      await this.throwErrorIfRemovingLastActiveAdmin(user, removeGroups, orgId);
-      if (removeGroups.includes('all_users')) {
-        throw new BadRequestException('Cannot remove user from default group.');
-      }
-      await dbTransactionWrap(async (manager: EntityManager) => {
-        const groupPermissions = await manager.find(GroupPermission, {
-          group: In(removeGroups),
-          organizationId: orgId,
-        });
-        const groupIdsToMaybeRemove = groupPermissions.map((permission) => permission.id);
-
-        await manager.delete(UserGroupPermission, {
-          groupPermissionId: In(groupIdsToMaybeRemove),
-          userId: user.id,
-        });
-      }, manager);
-    }
+    if (!removeGroups) return;
+    await dbTransactionWrap(async (manager: EntityManager) => {
+      const groupPermissions = await this.groupPermissionsService.getAllUserGroups(user.id, orgId);
+      const groupsToRemove = groupPermissions.filter((permission) => removeGroups.includes(permission.id));
+      await Promise.all(
+        groupsToRemove.map(async (group) => {
+          validateDeleteGroupUserOperation(group);
+          const groupUser = group.groupUsers[0];
+          this.groupPermissionsService.deleteGroupUser(groupUser.id, manager);
+        })
+      );
+    }, manager);
   }
 
-  async throwErrorIfRemovingLastActiveAdmin(user: User, removeGroups: string[] = ['admin'], organizationId: string) {
-    const removingAdmin = removeGroups.includes('admin');
-    if (!removingAdmin) return;
+  async throwErrorIfUserIsLastActiveAdmin(user: User, organizationId: string) {
+    const result = await this.groupPermissionsUtilityService.getRoleUsersList(USER_ROLE.ADMIN, organizationId);
+    const isAdmin = result.find((userItem) => userItem.id === user.id);
 
-    const result = await createQueryBuilder(User, 'users')
-      .innerJoin('users.groupPermissions', 'group_permissions')
-      .innerJoin('users.organizationUsers', 'organization_users')
-      .where('organization_users.user_id != :userId', { userId: user.id })
-      .andWhere('organization_users.status = :status', { status: WORKSPACE_USER_STATUS.ACTIVE })
-      .andWhere('group_permissions.group = :group', { group: 'admin' })
-      .andWhere('group_permissions.organization_id = :organizationId', {
-        organizationId,
-      })
-      .getCount();
-
-    if (result == 0) throw new BadRequestException('Atleast one active admin is required.');
+    if (isAdmin && result.length <= 2) throw new BadRequestException('Atleast one active admin is required');
   }
 
-  async hasGroup(user: User, group: string, organizationId?: string, manager?: EntityManager): Promise<boolean> {
+  async hasGroup(user: User, role: USER_ROLE, organizationId?: string, manager?: EntityManager): Promise<boolean> {
     return await dbTransactionWrap(async (manager: EntityManager) => {
       const result = await manager
-        .createQueryBuilder(GroupPermission, 'group_permissions')
-        .innerJoin('group_permissions.userGroupPermission', 'user_group_permissions')
-        .where('group_permissions.organization_id = :organizationId', {
+        .createQueryBuilder(GroupPermissions, 'group_permissions')
+        .innerJoin('group_permissions.groupUsers', 'groupUsers')
+        .where('group_permissions.organizationId = :organizationId', {
           organizationId: organizationId || user.organizationId,
         })
-        .andWhere('group_permissions.group = :group ', { group })
-        .andWhere('user_group_permissions.user_id = :userId', { userId: user.id })
+        .andWhere('group_permissions.name = :role ', { role })
+        .andWhere('group_permissions.type = :type', { type: GROUP_PERMISSIONS_TYPE.DEFAULT })
+        .andWhere('groupUsers.userId = :userId', { userId: user.id })
         .getCount();
 
       return result > 0;
     }, manager);
   }
 
-  async userCan(user: User, action: string, entityName: string, resourceId?: string): Promise<boolean> {
-    switch (entityName) {
-      case 'App':
-        return await this.canUserPerformActionOnApp(user, action, resourceId);
-
-      case 'User':
-      case 'Plugin':
-      case 'GlobalDataSource':
-        return await this.hasGroup(user, 'admin');
-
-      case 'Thread':
-      case 'Comment':
-        return await this.canUserPerformActionOnApp(user, 'update', resourceId);
-
-      case 'Folder':
-        return await this.canUserPerformActionOnFolder(user, action);
-
-      case 'OrgEnvironmentVariable':
-        return await this.canUserPerformActionOnEnvironmentVariable(user, action);
-
-      case 'OrganizationConstant':
-        return await this.canUserPerformActionOnOrgEnvironmentConstants(user, action);
-
-      default:
-        return false;
-    }
-  }
-
-  async canUserPerformActionOnApp(user: User, action: string, appId?: string): Promise<boolean> {
-    let permissionGrant: boolean;
-
-    switch (action) {
-      case 'create':
-        permissionGrant = this.canAnyGroupPerformAction('appCreate', await this.groupPermissions(user));
-        break;
-      case 'read':
-      case 'update':
-        permissionGrant =
-          this.canAnyGroupPerformAction(action, await this.appGroupPermissions(user, appId)) ||
-          (await this.isUserOwnerOfApp(user, appId));
-        break;
-      case 'delete':
-        permissionGrant =
-          this.canAnyGroupPerformAction('delete', await this.appGroupPermissions(user, appId)) ||
-          this.canAnyGroupPerformAction('appDelete', await this.groupPermissions(user)) ||
-          (await this.isUserOwnerOfApp(user, appId));
-        break;
-      default:
-        permissionGrant = false;
-        break;
-    }
-
-    return permissionGrant;
-  }
-
-  async canUserPerformActionOnFolder(user: User, action: string): Promise<boolean> {
-    let permissionGrant: boolean;
-
-    switch (action) {
-      case 'create':
-        permissionGrant = this.canAnyGroupPerformAction('folderCreate', await this.groupPermissions(user));
-        break;
-      case 'update':
-        permissionGrant = this.canAnyGroupPerformAction('folderUpdate', await this.groupPermissions(user));
-        break;
-      case 'delete':
-        permissionGrant = this.canAnyGroupPerformAction('folderDelete', await this.groupPermissions(user));
-        break;
-      default:
-        permissionGrant = false;
-        break;
-    }
-
-    return permissionGrant;
-  }
-
-  async canUserPerformActionOnEnvironmentVariable(user: User, action: string): Promise<boolean> {
-    let permissionGrant: boolean;
-
-    switch (action) {
-      case 'create':
-        permissionGrant = this.canAnyGroupPerformAction(
-          'orgEnvironmentVariableCreate',
-          await this.groupPermissions(user)
-        );
-        break;
-      case 'update':
-        permissionGrant = this.canAnyGroupPerformAction(
-          'orgEnvironmentVariableUpdate',
-          await this.groupPermissions(user)
-        );
-        break;
-      case 'delete':
-        permissionGrant = this.canAnyGroupPerformAction(
-          'orgEnvironmentVariableDelete',
-          await this.groupPermissions(user)
-        );
-        break;
-      default:
-        permissionGrant = false;
-        break;
-    }
-
-    return permissionGrant;
-  }
-
-  async canUserPerformActionOnOrgEnvironmentConstants(user: User, action: string): Promise<boolean> {
-    let permissionGrant: boolean;
-
-    switch (action) {
-      case 'create':
-      case 'update':
-        permissionGrant = this.canAnyGroupPerformAction(
-          'orgEnvironmentConstantCreate',
-          await this.groupPermissions(user)
-        );
-        break;
-
-      case 'delete':
-        permissionGrant = this.canAnyGroupPerformAction(
-          'orgEnvironmentConstantDelete',
-          await this.groupPermissions(user)
-        );
-        break;
-      default:
-        permissionGrant = false;
-        break;
-    }
-
-    return permissionGrant;
-  }
-
-  async isUserOwnerOfApp(user: User, appId: string): Promise<boolean> {
-    const app: App = await this.appsRepository.findOne({
-      where: {
-        id: appId,
-        userId: user.id,
-      },
-    });
-    return !!app && app.organizationId === user.organizationId;
-  }
-
   async returnOrgIdOfAnApp(slug: string): Promise<{ organizationId: string; isPublic: boolean }> {
     let app: App;
     try {
@@ -433,67 +276,4 @@ export class UsersService {
       return avatar;
     });
   }
-
-  canAnyGroupPerformAction(action: string, permissions: AppGroupPermission[] | GroupPermission[]): boolean {
-    return permissions.some((p) => p[action]);
-  }
-
-  async groupPermissions(user: User, manager?: EntityManager): Promise<GroupPermission[]> {
-    return await dbTransactionWrap(async (manager: EntityManager) => {
-      const orgUserGroupPermissions = await this.userGroupPermissions(user, user.organizationId, manager);
-      const groupIds = orgUserGroupPermissions.map((p) => p.groupPermissionId);
-
-      return await manager.findByIds(GroupPermission, groupIds);
-    }, manager);
-  }
-
-  async groupPermissionsForOrganization(organizationId: string) {
-    const groupPermissionRepository = getRepository(GroupPermission);
-
-    return await groupPermissionRepository.find({ organizationId });
-  }
-
-  async appGroupPermissions(user: User, appId?: string, manager?: EntityManager): Promise<AppGroupPermission[]> {
-    const orgUserGroupPermissions = await this.userGroupPermissions(user, user.organizationId, manager);
-    const groupIds = orgUserGroupPermissions.map((p) => p.groupPermissionId);
-
-    if (!groupIds || groupIds.length === 0) {
-      return [];
-    }
-    return await dbTransactionWrap(async (manager: EntityManager) => {
-      const query = manager
-        .createQueryBuilder(AppGroupPermission, 'app_group_permissions')
-        .innerJoin(
-          'app_group_permissions.groupPermission',
-          'group_permissions',
-          'group_permissions.organization_id = :organizationId',
-          {
-            organizationId: user.organizationId,
-          }
-        )
-        .where('app_group_permissions.groupPermissionId IN (:...groupIds)', { groupIds });
-
-      if (appId) {
-        query.andWhere('app_group_permissions.appId = :appId', { appId });
-      }
-      return await query.getMany();
-    }, manager);
-  }
-
-  async userGroupPermissions(
-    user: User,
-    organizationId?: string,
-    manager?: EntityManager
-  ): Promise<UserGroupPermission[]> {
-    return await dbTransactionWrap(async (manager: EntityManager) => {
-      return await manager
-        .createQueryBuilder(UserGroupPermission, 'user_group_permissions')
-        .innerJoin('user_group_permissions.groupPermission', 'group_permissions')
-        .where('group_permissions.organization_id = :organizationId', {
-          organizationId: organizationId || user.organizationId,
-        })
-        .andWhere('user_group_permissions.user_id = :userId', { userId: user.id })
-        .getMany();
-    }, manager);
-  }
 }
diff --git a/server/tsconfig.json b/server/tsconfig.json
index d7ffc05161..1e5d8d0483 100644
--- a/server/tsconfig.json
+++ b/server/tsconfig.json
@@ -17,7 +17,9 @@
       "@services/*": ["src/services/*"],
       "@controllers/*": ["src/controllers/*"],
       "@repositories/*": ["src/repositories/*"],
-      "@dto/*": ["src/dto/*"]
+      "@dto/*": ["src/dto/*"],
+      "@module/*": ["src/modules/*"],
+      "@helpers/*": ["src/helpers/*"]
     },
   },
   "exclude": ["node_modules", "dist"]

From ef2c8b7f13c21f7225b5eafb7f29d0ebac11d2fd Mon Sep 17 00:00:00 2001
From: kriks7iitk <kriks.iitk@gmail.com>
Date: Thu, 11 Jul 2024 11:15:22 +0530
Subject: [PATCH 2/2] moves migration to data migrations

---
 frontend/assets/csv/sample_upload.csv         |   4 +-
 .../AddEditResourcePermissionsModal.jsx       |   5 +-
 .../AppResourcePermission.jsx                 |   2 +-
 .../index.jsx                                 |  15 +-
 .../ManageGroupPermissionsV2.jsx              | 224 +++++++++---------
 .../groupPermissions.theme.scss               |   1 +
 ...0-CreateDefaultGroupInExistingWorkspace.ts |   0
 ...sersToRespectiveRolesBuilderAndEndUsers.ts |   0
 ...737529-MigrateCustomGroupToNewUserGroup.ts |   0
 ...-DropGroupPermissionsOlderRelatedTables.ts |   0
 server/src/helpers/queries.ts                 |   9 +-
 .../services/granular_permissions.service.ts  |   5 +-
 server/src/services/organizations.service.ts  |  20 +-
 13 files changed, 152 insertions(+), 133 deletions(-)
 rename server/{migrations => data-migrations}/1720352990850-CreateDefaultGroupInExistingWorkspace.ts (100%)
 rename server/{migrations => data-migrations}/1720365772516-AddingUsersToRespectiveRolesBuilderAndEndUsers.ts (100%)
 rename server/{migrations => data-migrations}/1720434737529-MigrateCustomGroupToNewUserGroup.ts (100%)
 rename server/{migrations => data-migrations}/1720513124281-DropGroupPermissionsOlderRelatedTables.ts (100%)

diff --git a/frontend/assets/csv/sample_upload.csv b/frontend/assets/csv/sample_upload.csv
index b92715cca1..cd152f5452 100644
--- a/frontend/assets/csv/sample_upload.csv
+++ b/frontend/assets/csv/sample_upload.csv
@@ -1,2 +1,2 @@
-First Name,Last Name,Email,Group
-test,user,test@gmail.com,For multiple groups separate using pipe (|) operator e.g. All Users|Admin
\ No newline at end of file
+First Name,Last Name,Email,Group,User Role
+test,user,test@gmail.com,"For multiple groups separate using pipe (|) operator e.g. Groups1|Group2 or leave blank if no group assign","Assign each user a role: Admin, Builder or End User. User role value should be exact same"
\ No newline at end of file
diff --git a/frontend/src/ManageGranularAccess/AddEditResourceModal/AddEditResourcePermissionsModal.jsx b/frontend/src/ManageGranularAccess/AddEditResourceModal/AddEditResourcePermissionsModal.jsx
index 3424779e03..3b7479032c 100644
--- a/frontend/src/ManageGranularAccess/AddEditResourceModal/AddEditResourcePermissionsModal.jsx
+++ b/frontend/src/ManageGranularAccess/AddEditResourceModal/AddEditResourcePermissionsModal.jsx
@@ -104,7 +104,7 @@ function AddEditResourcePermissionsModal({
               type="radio"
               checked={isAll}
               onClick={() => {
-                updateParentState((prevState) => ({ isAll: !prevState.isAll, isCustom: !!prevState.isAll }));
+                !isAll && updateParentState((prevState) => ({ isAll: !prevState.isAll, isCustom: !!prevState.isAll }));
               }}
             />
             <div>
@@ -121,7 +121,8 @@ function AddEditResourcePermissionsModal({
               disabled={addableApps.length === 0 || disableBuilderLevelUpdate}
               checked={isCustom}
               onClick={() => {
-                updateParentState((prevState) => ({ isCustom: !prevState.isCustom, isAll: prevState.isCustom }));
+                !isCustom &&
+                  updateParentState((prevState) => ({ isCustom: !prevState.isCustom, isAll: prevState.isCustom }));
               }}
             />
             <div>
diff --git a/frontend/src/ManageGranularAccess/AppResourcePermission.jsx b/frontend/src/ManageGranularAccess/AppResourcePermission.jsx
index 0c93d0b70c..0b311e64a8 100644
--- a/frontend/src/ManageGranularAccess/AppResourcePermission.jsx
+++ b/frontend/src/ManageGranularAccess/AppResourcePermission.jsx
@@ -35,7 +35,7 @@ function AppResourcePermissions({
     >
       <div className="resource-name d-flex">
         <SolidIcon name="app" width="20px" className="resource-icon" />
-        <div className="resource-text">{permissions.name}</div>
+        <div className="resource-text">{`  ${permissions.name}`}</div>
       </div>
       <div className="text-muted">
         <div className="d-flex apps-permission-wrap flex-column">
diff --git a/frontend/src/ManageGroupPermissionResourcesV2/index.jsx b/frontend/src/ManageGroupPermissionResourcesV2/index.jsx
index f996216af8..3305097887 100644
--- a/frontend/src/ManageGroupPermissionResourcesV2/index.jsx
+++ b/frontend/src/ManageGroupPermissionResourcesV2/index.jsx
@@ -555,7 +555,10 @@ class ManageGroupPermissionResourcesComponent extends React.Component {
 
               <nav className="nav nav-tabs groups-sub-header-wrap">
                 <a
-                  onClick={() => this.setState({ currentTab: 'users', showUserSearchBox: false })}
+                  onClick={() => {
+                    this.setState({ currentTab: 'granularAccess', showUserSearchBox: false });
+                    this.setSelectedUsers([]);
+                  }}
                   className={cx('nav-item nav-link', { active: currentTab === 'users' })}
                   data-cy="users-link"
                 >
@@ -570,7 +573,10 @@ class ManageGroupPermissionResourcesComponent extends React.Component {
                 </a>
 
                 <a
-                  onClick={() => this.setState({ currentTab: 'permissions', showUserSearchBox: false })}
+                  onClick={() => {
+                    this.setState({ currentTab: 'granularAccess', showUserSearchBox: false });
+                    this.setSelectedUsers([]);
+                  }}
                   className={cx('nav-item nav-link', { active: currentTab === 'permissions' })}
                   data-cy="permissions-link"
                 >
@@ -587,7 +593,10 @@ class ManageGroupPermissionResourcesComponent extends React.Component {
                   )}
                 </a>
                 <a
-                  onClick={() => this.setState({ currentTab: 'granularAccess', showUserSearchBox: false })}
+                  onClick={() => {
+                    this.setState({ currentTab: 'granularAccess', showUserSearchBox: false });
+                    this.setSelectedUsers([]);
+                  }}
                   className={cx('nav-item nav-link', { active: currentTab === 'granularAccess' })}
                   data-cy="granular-access-link"
                 >
diff --git a/frontend/src/ManageGroupPermissionsV2/ManageGroupPermissionsV2.jsx b/frontend/src/ManageGroupPermissionsV2/ManageGroupPermissionsV2.jsx
index 170e2f8602..94bf53bbe8 100644
--- a/frontend/src/ManageGroupPermissionsV2/ManageGroupPermissionsV2.jsx
+++ b/frontend/src/ManageGroupPermissionsV2/ManageGroupPermissionsV2.jsx
@@ -507,7 +507,6 @@ class ManageGroupPermissionsComponent extends React.Component {
                 </ButtonSolid>
               )}
             </div>
-
             <Modal
               show={showNewGroupForm || showGroupNameUpdateForm}
               closeModal={() =>
@@ -589,16 +588,90 @@ class ManageGroupPermissionsComponent extends React.Component {
                 </div>
               </form>
             </Modal>
-
-            {!showNewGroupForm && !showGroupNameUpdateForm && (
-              <div className="org-users-page-card-wrap">
-                <div className="org-users-page-sidebar">
-                  <div className="default-group-list-container">
+            <div className="org-users-page-card-wrap">
+              <div className="org-users-page-sidebar">
+                <div className="default-group-list-container">
+                  <div className="mb-2 d-flex align-items-center">
+                    <SolidIcon name="usergear" />
+                    <span className="ml-1 group-title">USER ROLE</span>
+                  </div>
+                  {defaultGroups.map((permissionGroup) => {
+                    return (
+                      <FolderList
+                        key={permissionGroup.id}
+                        listId={permissionGroup.id}
+                        overlayFunctionParam={{
+                          id: permissionGroup.id,
+                          groupName: permissionGroup.name,
+                        }}
+                        selectedItem={this.state.selectedGroup == this.humanizeifDefaultGroupName(permissionGroup.name)}
+                        onClick={() => {
+                          this.setState({
+                            selectedGroupPermissionId: permissionGroup.id,
+                            selectedGroup: this.humanizeifDefaultGroupName(permissionGroup.name),
+                            selectedGroupObject: permissionGroup,
+                          });
+                        }}
+                        toolTipText={this.humanizeifDefaultGroupName(permissionGroup.name)}
+                        overLayComponent={this.renderPopoverContent}
+                        className="groups-folder-list"
+                        dataCy={this.humanizeifDefaultGroupName(permissionGroup.name)
+                          .toLowerCase()
+                          .replace(/\s+/g, '-')}
+                      >
+                        <span>
+                          <OverflowTooltip>{this.humanizeifDefaultGroupName(permissionGroup.name)}</OverflowTooltip>
+                        </span>
+                      </FolderList>
+                    );
+                  })}
+                </div>
+                <div>
+                  {!showGroupSearchBar ? (
                     <div className="mb-2 d-flex align-items-center">
-                      <SolidIcon name="usergear" />
-                      <span className="ml-1 group-title">USER ROLE</span>
+                      <SolidIcon name="usergroup" width="18px" fill="#889096" />
+                      <span className="ml-1 group-title">CUSTOM GROUPS</span>
+                      <div className="create-group-cont">
+                        <ButtonSolid
+                          onClick={(e) => {
+                            e.preventDefault();
+                            this.setState({ showGroupSearchBar: true });
+                          }}
+                          size="xsm"
+                          rightIcon="search"
+                          iconWidth="15"
+                          fill="#889096"
+                          className="create-group-custom"
+                        />
+                        <ButtonSolid
+                          onClick={(e) => {
+                            e.preventDefault();
+                            this.setState({ newGroupName: null, showNewGroupForm: true, isSaveBtnDisabled: true });
+                          }}
+                          size="sm"
+                          fill="#889096"
+                          rightIcon="plus"
+                          iconWidth="20"
+                          className="create-group-custom"
+                        />
+                      </div>
                     </div>
-                    {defaultGroups.map((permissionGroup) => {
+                  ) : (
+                    <div className="searchbox-custom">
+                      <SearchBox
+                        dataCy={`query-manager`}
+                        width="70px !important"
+                        callBack={this.handleGroupSearch}
+                        placeholder={'Search'}
+                        customClass="tj-common-search-input-group"
+                        onClearCallback={this.handleGroupSearchClose}
+                        autoFocus={true}
+                      />
+                    </div>
+                  )}
+
+                  {groups.length ? (
+                    filteredGroup.map((permissionGroup) => {
                       return (
                         <FolderList
                           key={permissionGroup.id}
@@ -629,116 +702,37 @@ class ManageGroupPermissionsComponent extends React.Component {
                           </span>
                         </FolderList>
                       );
-                    })}
-                  </div>
-                  <div>
-                    {!showGroupSearchBar ? (
-                      <div className="mb-2 d-flex align-items-center">
-                        <SolidIcon name="usergroup" width="18px" fill="#889096" />
-                        <span className="ml-1 group-title">CUSTOM GROUPS</span>
-                        <div className="create-group-cont">
-                          <ButtonSolid
-                            onClick={(e) => {
-                              e.preventDefault();
-                              this.setState({ showGroupSearchBar: true });
-                            }}
-                            size="xsm"
-                            rightIcon="search"
-                            iconWidth="15"
-                            fill="#889096"
-                            className="create-group-custom"
-                          />
-                          <ButtonSolid
-                            onClick={(e) => {
-                              e.preventDefault();
-                              this.setState({ newGroupName: null, showNewGroupForm: true, isSaveBtnDisabled: true });
-                            }}
-                            size="sm"
-                            fill="#889096"
-                            rightIcon="plus"
-                            iconWidth="20"
-                            className="create-group-custom"
-                          />
-                        </div>
-                      </div>
-                    ) : (
-                      <div className="searchbox-custom">
-                        <SearchBox
-                          dataCy={`query-manager`}
-                          width="70px !important"
-                          callBack={this.handleGroupSearch}
-                          placeholder={'Search'}
-                          customClass="tj-common-search-input-group"
-                          onClearCallback={this.handleGroupSearchClose}
-                          autoFocus={true}
-                        />
-                      </div>
-                    )}
-
-                    {groups.length ? (
-                      filteredGroup.map((permissionGroup) => {
-                        return (
-                          <FolderList
-                            key={permissionGroup.id}
-                            listId={permissionGroup.id}
-                            overlayFunctionParam={{
-                              id: permissionGroup.id,
-                              groupName: permissionGroup.name,
-                            }}
-                            selectedItem={
-                              this.state.selectedGroup == this.humanizeifDefaultGroupName(permissionGroup.name)
-                            }
-                            onClick={() => {
-                              this.setState({
-                                selectedGroupPermissionId: permissionGroup.id,
-                                selectedGroup: this.humanizeifDefaultGroupName(permissionGroup.name),
-                                selectedGroupObject: permissionGroup,
-                              });
-                            }}
-                            toolTipText={this.humanizeifDefaultGroupName(permissionGroup.name)}
-                            overLayComponent={this.renderPopoverContent}
-                            className="groups-folder-list"
-                            dataCy={this.humanizeifDefaultGroupName(permissionGroup.name)
-                              .toLowerCase()
-                              .replace(/\s+/g, '-')}
-                          >
-                            <span>
-                              <OverflowTooltip>{this.humanizeifDefaultGroupName(permissionGroup.name)}</OverflowTooltip>
-                            </span>
-                          </FolderList>
-                        );
-                      })
-                    ) : (
-                      <div className="empty-custom-group-info">
-                        <SolidIcon className="info-icon" name="information" width="18px" />
-                        <span className="tj-text-xsm text-center info-label">No custom groups added</span>
-                      </div>
-                    )}
-                  </div>
-                </div>
-
-                <div className="org-users-page-card-body">
-                  {isLoading ? (
-                    <Loader />
+                    })
                   ) : (
-                    <ManageGroupPermissionResourcesV2
-                      groupPermissionId={this.state.selectedGroupPermissionId}
-                      darkMode={this.props.darkMode}
-                      selectedGroup={this.state.selectedGroup}
-                      selectedGroupObject={this.state.selectedGroupObject}
-                      updateGroupName={this.updateGroupName}
-                      deleteGroup={this.deleteGroup}
-                      roleOptions={defaultGroups.map((group) => {
-                        return {
-                          name: this.humanizeifDefaultGroupName(group.name),
-                          value: group.name,
-                        };
-                      })}
-                    />
+                    <div className="empty-custom-group-info">
+                      <SolidIcon className="info-icon" name="information" width="18px" />
+                      <span className="tj-text-xsm text-center info-label">No custom groups added</span>
+                    </div>
                   )}
                 </div>
               </div>
-            )}
+
+              <div className="org-users-page-card-body">
+                {isLoading ? (
+                  <Loader />
+                ) : (
+                  <ManageGroupPermissionResourcesV2
+                    groupPermissionId={this.state.selectedGroupPermissionId}
+                    darkMode={this.props.darkMode}
+                    selectedGroup={this.state.selectedGroup}
+                    selectedGroupObject={this.state.selectedGroupObject}
+                    updateGroupName={this.updateGroupName}
+                    deleteGroup={this.deleteGroup}
+                    roleOptions={defaultGroups.map((group) => {
+                      return {
+                        name: this.humanizeifDefaultGroupName(group.name),
+                        value: group.name,
+                      };
+                    })}
+                  />
+                )}
+              </div>
+            </div>
           </div>
         </div>
       </ErrorBoundary>
diff --git a/frontend/src/ManageGroupPermissionsV2/groupPermissions.theme.scss b/frontend/src/ManageGroupPermissionsV2/groupPermissions.theme.scss
index 0ad36a1d01..1a6a4fd1cb 100644
--- a/frontend/src/ManageGroupPermissionsV2/groupPermissions.theme.scss
+++ b/frontend/src/ManageGroupPermissionsV2/groupPermissions.theme.scss
@@ -430,6 +430,7 @@
       }
       .resource-text {
         margin-left: 10px;
+        padding-left: 20px;
       }
     }
   }
diff --git a/server/migrations/1720352990850-CreateDefaultGroupInExistingWorkspace.ts b/server/data-migrations/1720352990850-CreateDefaultGroupInExistingWorkspace.ts
similarity index 100%
rename from server/migrations/1720352990850-CreateDefaultGroupInExistingWorkspace.ts
rename to server/data-migrations/1720352990850-CreateDefaultGroupInExistingWorkspace.ts
diff --git a/server/migrations/1720365772516-AddingUsersToRespectiveRolesBuilderAndEndUsers.ts b/server/data-migrations/1720365772516-AddingUsersToRespectiveRolesBuilderAndEndUsers.ts
similarity index 100%
rename from server/migrations/1720365772516-AddingUsersToRespectiveRolesBuilderAndEndUsers.ts
rename to server/data-migrations/1720365772516-AddingUsersToRespectiveRolesBuilderAndEndUsers.ts
diff --git a/server/migrations/1720434737529-MigrateCustomGroupToNewUserGroup.ts b/server/data-migrations/1720434737529-MigrateCustomGroupToNewUserGroup.ts
similarity index 100%
rename from server/migrations/1720434737529-MigrateCustomGroupToNewUserGroup.ts
rename to server/data-migrations/1720434737529-MigrateCustomGroupToNewUserGroup.ts
diff --git a/server/migrations/1720513124281-DropGroupPermissionsOlderRelatedTables.ts b/server/data-migrations/1720513124281-DropGroupPermissionsOlderRelatedTables.ts
similarity index 100%
rename from server/migrations/1720513124281-DropGroupPermissionsOlderRelatedTables.ts
rename to server/data-migrations/1720513124281-DropGroupPermissionsOlderRelatedTables.ts
diff --git a/server/src/helpers/queries.ts b/server/src/helpers/queries.ts
index fd971c5fa1..359cdd2a84 100644
--- a/server/src/helpers/queries.ts
+++ b/server/src/helpers/queries.ts
@@ -53,10 +53,17 @@ export function viewableAppsQueryUsingPermissions(
   if (select) {
     viewableAppsQb.select(select.map((col) => `viewable_apps.${col}`));
   }
-  if (userAppPermissions.hideAll || !(userAppPermissions.isAllEditable || userAppPermissions.isAllViewable)) {
+  const viewAll = userAppPermissions.isAllEditable || userAppPermissions.isAllViewable;
+  if (!viewAll || userAppPermissions.hideAll) {
     viewableAppsQb.where('viewable_apps.id IN (:...viewableApps)', {
       viewableApps,
     });
   }
+  const hiddenApps = userAppPermissions.hiddenAppsId;
+  if (!userAppPermissions.hideAll && viewAll && hiddenApps.length > 0) {
+    viewableAppsQb.where('viewable_apps.id NOT IN (:...hiddenApps)', {
+      hiddenApps,
+    });
+  }
   return viewableAppsQb;
 }
diff --git a/server/src/services/granular_permissions.service.ts b/server/src/services/granular_permissions.service.ts
index 386033fbb1..83e39ea582 100644
--- a/server/src/services/granular_permissions.service.ts
+++ b/server/src/services/granular_permissions.service.ts
@@ -40,7 +40,8 @@ export class GranularPermissionsService {
   ) {
     return await dbTransactionWrap(async (manager: EntityManager) => {
       const { createGranularPermissionDto, organizationId } = createGranularPermissionObject;
-      const { name, type, groupId, isAll } = createGranularPermissionDto;
+      const { name, type, groupId, isAll: isAllDto } = createGranularPermissionDto;
+      const isAll = isAllDto ? true : false;
       const granularPermissions: GranularPermissions = await catchDbException(async () => {
         const granularPermissions = manager.create(GranularPermissions, { name, type, groupId, isAll });
         return await manager.save(granularPermissions);
@@ -77,7 +78,7 @@ export class GranularPermissionsService {
       const { organizationId, updateGranularPermissionDto, group } = updateGranularPermissionsObj;
       const { isAll, name, resourcesToAdd, resourcesToDelete, actions, allowRoleChange } = updateGranularPermissionDto;
       const updateGranularPermission = {
-        isAll: isAll !== null || isAll !== undefined ? isAll : granularPermissions.isAll,
+        isAll: isAll ?? granularPermissions.isAll,
         ...(name && { name }),
       };
       const updateResource: UpdateResourceGroupPermissionsObject = {
diff --git a/server/src/services/organizations.service.ts b/server/src/services/organizations.service.ts
index 5892bf3131..4b94f7e9c9 100644
--- a/server/src/services/organizations.service.ts
+++ b/server/src/services/organizations.service.ts
@@ -63,7 +63,7 @@ interface UserCsvRow {
   first_name: string;
   last_name: string;
   email: string;
-  role: string;
+  user_role: string;
   groups?: any;
 }
 
@@ -711,7 +711,7 @@ export class OrganizationsService {
     const existingGroups = groupPermissions.map((groupPermission) => groupPermission.name);
     csv
       .parseString(fileStream.toString(), {
-        headers: ['first_name', 'last_name', 'email', 'groups', 'role'],
+        headers: ['first_name', 'last_name', 'email', 'groups', 'user_role'],
         renameHeaders: true,
         ignoreEmpty: true,
       })
@@ -719,13 +719,12 @@ export class OrganizationsService {
         return next(null, {
           ...row,
           groups: this.createGroupsList(row?.groups),
-          role: this.convertUserRolesCasing(row?.role),
+          user_role: this.convertUserRolesCasing(row?.user_role),
         });
       })
       .validate(async (data: UserCsvRow, next) => {
         await dbTransactionWrap(async (manager: EntityManager) => {
           //Check for existing users
-
           let isInvalidRole = false;
           const user = await this.usersService.findByEmail(data?.email, undefined, undefined, manager);
 
@@ -734,7 +733,14 @@ export class OrganizationsService {
           } else if (user?.organizationUsers?.some((ou) => ou.organizationId === currentUser.organizationId)) {
             existingUsers.push(data?.email);
           } else {
-            users.push(data);
+            const user = {
+              first_name: data.first_name,
+              last_name: data.last_name,
+              email: data.email,
+              role: data.user_role,
+              groups: data?.groups,
+            };
+            users.push(user);
           }
 
           //Check for invalid groups
@@ -748,8 +754,8 @@ export class OrganizationsService {
             }
           }
 
-          if (!Object.values(USER_ROLE).includes(data?.role as USER_ROLE)) {
-            invalidRoles.push(data?.role);
+          if (!Object.values(USER_ROLE).includes(data?.user_role as USER_ROLE)) {
+            invalidRoles.push(data?.user_role);
             isInvalidRole = true;
           }