# Users

**GET** works with **READ**; creating, updating, or deleting users requires **WRITE** ([Authentication & scopes](./authentication/)).

## What you get

User payloads include identifiers, contact and HR-style profile fields, and a **role** (**EMPLOYEE** vs **ADMIN**) that controls what that person can do inside Fleet. Responses may include a stable **`company_id`** numeric field from the API schema—your client does not send a separate workspace selector in the URL.

## Listing

The list endpoint is paginated. Which people appear is determined automatically from your credential; you supply **`limit`** and **`offset`** (see **API reference** for defaults and caps).

## Creating and updating

Creation requires a valid **work email** and optional profile fields; Fleet enforces email policies and uniqueness. Updates let you change profile data, role, or email where allowed; password updates follow special rules (non-empty string only—see **API reference**). Nullable fields use **omit vs null** semantics documented per field in OpenAPI.

## Relationship to carts and devices

User ids appear as **purchasers**, **signatories**, **assignees** on devices, and in cart lines—keep ids consistent with the people records you manage here.

## Next steps

- [Carts & orders](./carts-and-orders/) — purchasers and signatories.
- [Devices](./devices/) — assignment targets.
- **API reference** — **Users** tag for request/response schemas.