In the Admin Console, under Authorization, click Roles.
Click Create Role.
Provide a Name and optional Description.
Under Role access, select the Resource Server for which the role will apply to.
Under Role access, click the checkbox corresponding to each scope you wish to grant the role to access or allow access to.
Click Create Role to save the new role.