# Users

A **user** is a human or technical consumer of the Ripple Custody service. 

A user is associated with a public key, which is registered into the system alongside a set of roles. The roles relate to the permissions a user has to access the various entities within the system (as defined within a particular **domain**) as well as to propose, approve and reject the execution of intents (as defined by the approval workflow of a policy).

Users have, in particular, the following properties:
 - `publicKey`: the public key used to authenticate any user request
 - `roles`: a collection of human-readable strings defining the roles of a user

The private key corresponding to `publicKey` is generated on the user-side, either within the mobile approval terminal or programmatically, and is never communicated to the system. We emphasize here that a user key pair is merely used to authenticate the user and approve the execution of **intents**; it is unrelated to the account keys securing the accounts on the ledger. The loss of a **user** key is dealt with by locking the user and creating a new user with a rotated key.

The locking of a **user** prevents its access to the platform entirely.

## List users

 - [GET /v1/domains/{domainId}/users](https://docs.ripple.com/products/custody/v1.36/reference/api/openapi/users/getusers.md)

## Get known users roles

 - [GET /v1/domains/{domainId}/users/roles](https://docs.ripple.com/products/custody/v1.36/reference/api/openapi/users/getknownuserroles.md)

## Get user details

 - [GET /v1/domains/{domainId}/users/{userId}](https://docs.ripple.com/products/custody/v1.36/reference/api/openapi/users/getuser.md)

## List users belonging to the same public key

 - [GET /v1/me](https://docs.ripple.com/products/custody/v1.36/reference/api/openapi/users/getme.md)

