Hi Wayne,
Our SecurityPolicy endpoint should take care of your needs here.
https://www.labkey.org/download/clientapi_docs/javascript-api/symbols/LABKEY.SecurityPolicy.html
Per the documentation:
=====================
Class LABKEY.SecurityPolicy
Represents a security policy for a particular securable resource on the server. In general, you should obtain an instance of this class from the LABKEY.Security.getPolicy() method. You may use the methods of this class to alter the policy and save it back to the server using the LABKEY.Security.savePolicy() method.
The following definitions should be helpful in understanding the methods of this class:
Principal: A user principal, which can be either a user or a group. Users and groups are both user principals, and in a security policy, a user principal is assigned to a given role.
Role: A role grants a specific set of permissions. For example, the 'Reader' role grants the read permission. Roles are identified by unique names (usually a fully-qualified Java class name). A full set of roles is obtainable from the LABKEY.Security.getRoles() method.
Direct vs Effective Assignment: In a policy, principals are assigned to one or more roles. However, because a principal might be a group, the users that belong to that group are effectively in whatever role the group is assigned to. In this situation, the user is 'effectively' assigned to the role, while the group is 'directly' assigned to the role. Asking for a user's effective roles will return all roles the user is directly assigned to plus all roles the groups the user belongs to are assigned to.
=====================
Leveraging this API endpoint should give you the necessary control to figure out the ID numbers for those groups, the roles assigned to those groups, the users assigned to those groups, and updating the roles for those groups as needed.
Regards,
Jon