# User

[User](https://docs.trustgrid.io/docs/user-management/) accounts provide portal and API access. Users are authenticated via SSO (IDP) or local credentials and are assigned permissions via policies. Requires `users::read` permission.


## Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/group/listgroups.md): Requires `groups::read` permission.

## Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/group/paths/~1group/post.md): Requires `groups::modify` permission.

## Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires `groups::modify` permission.

## Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D/delete.md): Requires `groups::modify` permission.

## Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/group/getgroup.md): Requires `groups::read` permission.

## List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/group/listgroupidps.md): Requires `groups::read` permission.

## Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/group/listgroupmembers.md): Requires `groups::read` permission.

## Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D~1members/post.md): Requires `groups::modify` permission.

## Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/user/listgroups.md): Requires `groups::read` permission.

## Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/user/paths/~1group/post.md): Requires `groups::modify` permission.

## Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires `groups::modify` permission.

## Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D/delete.md): Requires `groups::modify` permission.

## Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/user/getgroup.md): Requires `groups::read` permission.

## List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/user/listgroupidps.md): Requires `groups::read` permission.

## Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/user/listgroupmembers.md): Requires `groups::read` permission.

## Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D~1members/post.md): Requires `groups::modify` permission.

## Retrieve all users in the organization with their roles and permissions

 - [GET /user](https://apidocs.trustgrid.io/user/listusers.md): Changes to users sometimes take a few minutes to appear while they are being indexed.

## Send an invitation email to a new user to join the organization

 - [POST /user](https://apidocs.trustgrid.io/user/paths/~1user/post.md): For organizations using the default Trustgrid authentication provider, users must be invited and should then sign up with the invited email address. For custom IDP integrations, users should be added instead.

## Directly add a user account for organizations with custom identity providers

 - [POST /user/add](https://apidocs.trustgrid.io/user/paths/~1user~1add/post.md): Add a user. This is only available to organizations with custom IDP integrations.

## Permanently remove a user from the organization and revoke all access

 - [DELETE /user/{email}](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D/delete.md)

## Retrieve the effective merged policy for a user

 - [GET /user/{email}/policy](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D~1policy/get.md): Returns the combined policy derived from all policies directly attached to the user plus those inherited via group membership.

## Attach a named policy to a user

 - [POST /user/{email}/policy/{name}](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D~1policy~1%7Bname%7D/post.md): Adds `name` to the user's set of directly attached policies. Policies whose names start with `restricted-` cannot be attached via this endpoint. Requires `permissions::modify` permission.

## Detach a named policy from a user

 - [DELETE /user/{email}/policy/{name}](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D~1policy~1%7Bname%7D/delete.md): Requires `permissions::modify` permission.

## Retrieve all groups that a specific user belongs to

 - [GET /user/{email}/groups](https://apidocs.trustgrid.io/user/listusergroups.md)

## Add a user to a group and grant associated permissions

 - [POST /v2/user/{email}/groups](https://apidocs.trustgrid.io/user/paths/~1v2~1user~1%7Bemail%7D~1groups/post.md)

## Remove a user from a group and revoke associated permissions

 - [DELETE /v2/user/{email}/groups/{group}](https://apidocs.trustgrid.io/user/paths/~1v2~1user~1%7Bemail%7D~1groups~1%7Bgroup%7D/delete.md)

