Good morning,
In response to your questions, I've provided insight for each:
1) Manage groups through restman: Not current available and we are tracking an idea for this (Make sure you vote on this) RESTMAN - IIP group handling
2) Manage roles for a user through restman: This can be done by running a restman request against the URL https://<gateway IP/FQDN>:8443/restman/1.0/roles/<role id>/assignments with a PUT method using the payload "
<l7:AddAssignmentsContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:assignments>
<l7:assignment>
<l7:providerId>0000000000000000fffffffffffffffe</l7:providerId>
<l7:identityName><User name></l7:identityName>
<l7:entityType><User or Group></l7:entityType>
</l7:assignment>
</l7:assignments>
</l7:AddAssignmentsContext>
3) Disabling of the user requirement to reset the password: Uncheck Force password change for new user and reset in the Policy Manager -> Tasks -> Users and Authentication -> Manage Password Policy
Sincerely,
Stephen Hughes
Director, CA Support