diff --git a/src/groups.js b/src/groups.js
index 1550c46f0..c5f03456a 100644
--- a/src/groups.js
+++ b/src/groups.js
@@ -31,7 +31,8 @@ var accesscontrol = require('./accesscontrol.js'),
     DatabaseError = require('./databaseerror.js'),
     groupdb = require('./groupdb.js'),
     util = require('util'),
-    uuid = require('uuid');
+    uuid = require('uuid'),
+    _ = require('underscore');
 
 // http://dustinsenos.com/articles/customErrorsInNode
 // http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
@@ -256,16 +257,22 @@ function addOwnerGroup(callback) {
 function update(groupId, data, callback) {
     assert.strictEqual(typeof groupId, 'string');
     assert(data && typeof data === 'object');
-    assert(Array.isArray(data.roles));
     assert.strictEqual(typeof callback, 'function');
 
-    var error = validateGroupname(data.name);
-    if (error) return callback(error);
+    let error;
+    if ('name' in data) {
+        assert.strictEqual(typeof data.name, 'string');
+        error = validateGroupname(data.name);
+        if (error) return callback(error);
+    }
 
-    error = accesscontrol.validateRoles(data.roles);
-    if (error) return callback(new GroupsError(GroupsError.BAD_FIELD, error.message));
+    if ('roles' in data) {
+        assert(Array.isArray(data.roles));
+        error = accesscontrol.validateRoles(data.roles);
+        if (error) return callback(new GroupsError(GroupsError.BAD_FIELD, error.message));
+    }
 
-    groupdb.update(groupId, { name: data.name, roles: data.roles }, function (error) {
+    groupdb.update(groupId, _.pick(data, 'name', 'roles'), function (error) {
         if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
         if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
 
diff --git a/src/routes/groups.js b/src/routes/groups.js
index 266544de9..5048b3a3b 100644
--- a/src/routes/groups.js
+++ b/src/routes/groups.js
@@ -55,14 +55,16 @@ function update(req, res, next) {
     assert.strictEqual(typeof req.params.groupId, 'string');
     assert.strictEqual(typeof req.body, 'object');
 
-    if (typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
+    if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
 
-    if (!Array.isArray(req.body.roles)) return next(new HttpError(400, 'roles must be an array'));
-    for (let role of req.body.roles) {
-        if (typeof role !== 'string') return next(new HttpError(400, 'roles must be an array of strings'));
+    if ('roles' in req.body) {
+        if (!Array.isArray(req.body.roles)) return next(new HttpError(400, 'roles must be an array'));
+        for (let role of req.body.roles) {
+            if (typeof role !== 'string') return next(new HttpError(400, 'roles must be an array of strings'));
+        }
     }
 
-    groups.update(req.params.groupId, { name: req.body.name, roles: req.body.roles }, function (error) {
+    groups.update(req.params.groupId, req.body, function (error) {
         if (error && error.reason === GroupsError.BAD_FIELD) return next(new HttpError(400, error.message));
         if (error) return next(new HttpError(500, error));