Add docs for groups

backend/src/services/org/org-types.ts

@@ -51,10 +51,7 @@ export type TFindAllWorkspacesDTO = {
 };
 
 export type TUpdateOrgDTO = {
-  orgId: string;
   data: Partial<{ name: string; slug: string; authEnforced: boolean; scimEnabled: boolean }>;
 } & TOrgPermission;
 
-export type TGetOrgGroupsDTO = {
-  orgId: string;
-} & TOrgPermission;
+export type TGetOrgGroupsDTO = TOrgPermission;

docs/documentation/platform/groups.mdx

@@ -0,0 +1,67 @@
+---
+title: "User Groups"
+description: "Manage user groups in Infisical."
+---
+
+<Info>
+    User Groups is a paid feature.
+   
+    If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
+    then you should contact team@infisical.com to purchase an enterprise license to use it.
+</Info>
+
+## Concept
+
+A (user) group is a collection of users that you can create in an Infisical organization to more efficiently manage permissions and access control for multiple users together. For example, you can have a group called `Developers` with the `Developer` role containing all the developers in your organization.
+
+User groups have the following properties:
+
+- If a group is added to a project under specific role(s), all users in the group will be provisioned access to the project with the role(s). Conversely, if a group is removed from a project, all users in the group will lose access to the project.
+- If a user is added to a group, they will inherit the access control properties of the group including access to project(s) under the role(s) assigned to the group. Conversely, if a user is removed from a group, they will lose access to project(s) that the group has access to.
+- If a user was previously added to a project under a role and is later added to a group that has access to the same project under a different role, then the user will now have access to the project under the composite permissions of the two roles. If the group is subsequently removed from the project, the user will not lose access to the project as they were previously added to the project separately.
+- A user can be part of multiple groups. If a user is part of multiple groups, they will inherit the composite permissions of all the groups that they are part of.
+
+## Workflow
+
+In the following steps, we explore how to create and use user groups to provision user access to projects in Infisical.
+
+<Steps>
+   <Step title="Creating a group">
+        To create a group, head to your Organization Settings > Access Control > Groups and press **Create group**.
+        
+        ![groups org](/images/platform/groups/groups-org.png)
+
+        When creating a group, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+        
+        ![groups org create](/images/platform/groups/groups-org-create.png)
+        
+        Now input a few details for your new group. Here’s some guidance for each field:
+        - Name (required): A friendly name for the group like `Engineering`.
+        - Slug (required): A unique identifier for the group like `engineering`.
+        - Role (required): A role from the Organization Roles tab for the group to assume. The organization role assigned will determine what organization level resources this group can have access to.
+   </Step>
+   <Step title="Adding users to the group">
+        Next, you'll want to assign users to the group. To do this, press on the users icon on the group and start assigning users to the group.
+        
+        ![groups org users](/images/platform/groups/groups-org-users.png)
+        
+        In this example, we're assigning **Alan Turing** and **Ada Lovelace** to the group **Engineering**.
+        
+        ![groups org assign users](/images/platform/groups/groups-org-users-assign.png)
+   </Step>
+   <Step title="Adding the group to a project">
+        To enable the group to access project-level resources such as secrets within a specific project, you should add it to that project.
+
+        To do this, head over to the project you want to add the group to and go to Project Settings > Access Control > Groups and press **Add group**.
+        
+        ![groups project](/images/platform/groups/groups-project.png)
+        
+        Next, select the group you want to add to the project and the project level role you want to allow it to assume. The project role assigned will determine what project level resources this group can have access to.
+        
+        ![groups project add](/images/platform/groups/groups-project-create.png)
+        
+        That's it!
+        
+        The users of the group now have access to the project under the role you assigned to the group.
+   </Step>
+</Steps>

docs/mint.json

@@ -150,6 +150,7 @@
             "documentation/platform/dynamic-secrets/postgresql"
           ]
         },
+        "documentation/platform/groups",
         {
           "group": "SSO",
           "pages": [