diff --git a/docs/data-sources/jaas_role.md b/docs/data-sources/jaas_role.md
new file mode 100644
index 00000000..2b2bb1a8
--- /dev/null
+++ b/docs/data-sources/jaas_role.md
@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_role Data Source - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A data source representing a Juju JAAS Role.
+---
+
+# juju_jaas_role (Data Source)
+
+A data source representing a Juju JAAS Role.
+
+## Example Usage
+
+```terraform
+data "juju_jaas_role" "test" {
+  name = "role-0"
+}
+
+output "role_uuid" {
+  value = data.juju_jaas_role.test.uuid
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the role.
+
+### Read-Only
+
+- `uuid` (String) The UUID of the role.
diff --git a/docs/resources/jaas_access_cloud.md b/docs/resources/jaas_access_cloud.md
index 500747f6..d92d5bf6 100644
--- a/docs/resources/jaas_access_cloud.md
+++ b/docs/resources/jaas_access_cloud.md
@@ -33,6 +33,7 @@ resource "juju_jaas_access_cloud" "development" {
 ### Optional
 
 - `groups` (Set of String) List of groups to grant access.
+- `roles` (Set of String) List of roles to grant access.
 - `service_accounts` (Set of String) List of service accounts to grant access.
 - `users` (Set of String) List of users to grant access.
 
diff --git a/docs/resources/jaas_access_controller.md b/docs/resources/jaas_access_controller.md
index 7641e056..08657de0 100644
--- a/docs/resources/jaas_access_controller.md
+++ b/docs/resources/jaas_access_controller.md
@@ -31,6 +31,7 @@ resource "juju_jaas_access_controller" "development" {
 ### Optional
 
 - `groups` (Set of String) List of groups to grant access.
+- `roles` (Set of String) List of roles to grant access.
 - `service_accounts` (Set of String) List of service accounts to grant access.
 - `users` (Set of String) List of users to grant access.
 
diff --git a/docs/resources/jaas_access_group.md b/docs/resources/jaas_access_group.md
index a915f801..617ca31e 100644
--- a/docs/resources/jaas_access_group.md
+++ b/docs/resources/jaas_access_group.md
@@ -33,6 +33,7 @@ resource "juju_jaas_access_group" "development" {
 ### Optional
 
 - `groups` (Set of String) List of groups to grant access.
+- `roles` (Set of String) List of roles to grant access.
 - `service_accounts` (Set of String) List of service accounts to grant access.
 - `users` (Set of String) List of users to grant access.
 
diff --git a/docs/resources/jaas_access_model.md b/docs/resources/jaas_access_model.md
index f8ff7f49..3111133d 100644
--- a/docs/resources/jaas_access_model.md
+++ b/docs/resources/jaas_access_model.md
@@ -33,6 +33,7 @@ resource "juju_jaas_access_model" "development" {
 ### Optional
 
 - `groups` (Set of String) List of groups to grant access.
+- `roles` (Set of String) List of roles to grant access.
 - `service_accounts` (Set of String) List of service accounts to grant access.
 - `users` (Set of String) List of users to grant access.
 
diff --git a/docs/resources/jaas_access_offer.md b/docs/resources/jaas_access_offer.md
index 40116027..a4238a52 100644
--- a/docs/resources/jaas_access_offer.md
+++ b/docs/resources/jaas_access_offer.md
@@ -33,6 +33,7 @@ resource "juju_jaas_access_offer" "development" {
 ### Optional
 
 - `groups` (Set of String) List of groups to grant access.
+- `roles` (Set of String) List of roles to grant access.
 - `service_accounts` (Set of String) List of service accounts to grant access.
 - `users` (Set of String) List of users to grant access.
 
diff --git a/docs/resources/jaas_access_role.md b/docs/resources/jaas_access_role.md
new file mode 100644
index 00000000..887a34c4
--- /dev/null
+++ b/docs/resources/jaas_access_role.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_access_role Resource - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A resource that represents access to a role when using JAAS.
+---
+
+# juju_jaas_access_role (Resource)
+
+A resource that represents access to a role when using JAAS.
+
+## Example Usage
+
+```terraform
+resource "juju_jaas_access_role" "development" {
+  role_id          = juju_jaas_role.target-role.uuid
+  access           = "member"
+  users            = ["foo@domain.com"]
+  roles            = [juju_jaas_role.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `access` (String) Level of access to grant. Changing this value will replace the Terraform resource. Valid access levels are described at https://canonical-jaas-documentation.readthedocs-hosted.com/en/latest/reference/authorisation_model/#valid-relations
+- `role_id` (String) The ID of the role for access management. If this is changed the resource will be deleted and a new resource will be created.
+
+### Optional
+
+- `groups` (Set of String) List of groups to grant access.
+- `service_accounts` (Set of String) List of service accounts to grant access.
+- `users` (Set of String) List of users to grant access.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# JAAS role access can be imported using the role UUID and access level
+$ terraform import juju_jaas_access_role.development UUID:member
+```
diff --git a/docs/resources/jaas_access_service_account.md b/docs/resources/jaas_access_service_account.md
index 3c12525a..5511bad4 100644
--- a/docs/resources/jaas_access_service_account.md
+++ b/docs/resources/jaas_access_service_account.md
@@ -33,6 +33,7 @@ resource "juju_jaas_access_service_account" "development" {
 ### Optional
 
 - `groups` (Set of String) List of groups to grant access.
+- `roles` (Set of String) List of roles to grant access.
 - `service_accounts` (Set of String) List of service accounts to grant access.
 - `users` (Set of String) List of users to grant access.
 
diff --git a/docs/resources/jaas_role.md b/docs/resources/jaas_role.md
new file mode 100644
index 00000000..b44ef849
--- /dev/null
+++ b/docs/resources/jaas_role.md
@@ -0,0 +1,30 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "juju_jaas_role Resource - terraform-provider-juju"
+subcategory: ""
+description: |-
+  A resource that represents a role in JAAS
+---
+
+# juju_jaas_role (Resource)
+
+A resource that represents a role in JAAS
+
+## Example Usage
+
+```terraform
+resource "juju_jaas_role" "development" {
+  name = "devops-team"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of the role
+
+### Read-Only
+
+- `uuid` (String) UUID of the role
diff --git a/examples/data-sources/juju_jaas_role/data-source.tf b/examples/data-sources/juju_jaas_role/data-source.tf
new file mode 100644
index 00000000..bb896dad
--- /dev/null
+++ b/examples/data-sources/juju_jaas_role/data-source.tf
@@ -0,0 +1,7 @@
+data "juju_jaas_role" "test" {
+  name = "role-0"
+}
+
+output "role_uuid" {
+  value = data.juju_jaas_role.test.uuid
+}
diff --git a/examples/resources/juju_jaas_access_role/import.sh b/examples/resources/juju_jaas_access_role/import.sh
new file mode 100644
index 00000000..cc7bc929
--- /dev/null
+++ b/examples/resources/juju_jaas_access_role/import.sh
@@ -0,0 +1,2 @@
+# JAAS role access can be imported using the role UUID and access level
+$ terraform import juju_jaas_access_role.development UUID:member
diff --git a/examples/resources/juju_jaas_access_role/resource.tf b/examples/resources/juju_jaas_access_role/resource.tf
new file mode 100644
index 00000000..27fcef84
--- /dev/null
+++ b/examples/resources/juju_jaas_access_role/resource.tf
@@ -0,0 +1,7 @@
+resource "juju_jaas_access_role" "development" {
+  role_id          = juju_jaas_role.target-role.uuid
+  access           = "member"
+  users            = ["foo@domain.com"]
+  roles            = [juju_jaas_role.development.uuid]
+  service_accounts = ["Client-ID-1", "Client-ID-2"]
+}
diff --git a/examples/resources/juju_jaas_role/resource.tf b/examples/resources/juju_jaas_role/resource.tf
new file mode 100644
index 00000000..3942d1b9
--- /dev/null
+++ b/examples/resources/juju_jaas_role/resource.tf
@@ -0,0 +1,3 @@
+resource "juju_jaas_role" "development" {
+  name = "devops-team"
+}