hashicorp · rkoron007 · Oct 1, 2025 · Sep 5, 2025 · Sep 19, 2025 · Sep 19, 2025
@@ -36,7 +36,7 @@
   {
     "title": "Manage access and organizations",
     "routes": [
-  { "title": "Users", "path": "users-teams-organizations/users" },
+    { "title": "Users", "path": "users-teams-organizations/users" },
     {
   "title": "Teams",
         "routes": [
@@ -838,6 +838,7 @@
     ]
   },
   { "title": "Team membership", "path": "api-docs/team-members" },
+  { "title": "Group member roles", "path": "api-docs/group-member-roles" },
   { "title": "Team tokens", "path": "api-docs/team-tokens" },
   { "title": "Teams", "path": "api-docs/teams" },
   { "title": "User tokens", "path": "api-docs/user-tokens" },

@@ -9,6 +9,21 @@ description: >-
 
 Keep track of changes to the API for HCP Terraform and Terraform Enterprise.
 
+<!-- BEGIN: TFC:only name:hcp-eu -->
+
+## 2025-9-30
+* Add a new page for [group member roles](/terraform/cloud-docs/api-docs/group-member-roles) APIs for retrieving information about group permissions for HCP EU organizations. To learn more about HCP Europe, refer to [Use HCP Terraform in Europe](/terraform/cloud-docs/europe).
+* In HashiCorp Cloud Platform (HCP) Europe organizations, you manage user access through HCP groups. HCP Terraform inherits groups and roles from HCP.  To learn more about HCP Europe, refer to [Use HCP Terraform in Europe](/terraform/cloud-docs/europe).
+  - The following API endpoints are supported by HCP Europe organizations if you use group attributes instead of team attributes:
+    - [`project-team-access`](/terraform/cloud-docs/api-docs/project-team-access)
+    - [`team-tokens`](/terraform/cloud-docs/api-docs/team-tokens)
+    - [`team-access`](/terraform/cloud-docs/api-docs/team-access)
+  - The following API endpoints are **not** supported by HCP Europe organizations:
+    - [`team-members`](/terraform/cloud-docs/api-docs/team-members)
+    - [`teams`](/terraform/cloud-docs/api-docs/teams)
+
+<!-- END: TFC:only name:hcp-eu -->
+
 ## 2025-07-11
 * Update existing [workspaces API documentation](/terraform/cloud-docs/api-docs/workspaces) to reflect that a workspace's default execution mode now matches the project and not the organization default.
 * Update existing [projects API documentation](/terraform/cloud-docs/api-docs/projects) to include `default-execution-mode`, `default-agent-pool`, and `settings-overwrites` for projects.

@@ -0,0 +1,228 @@
+---
+page_title: /member-roles API reference for HCP Terraform
+description: >-
+  Use the HCP Terraform API's group `/member-roles` endpoint to review group permissions for resources.
+tfc_only: true
+---
+
+[200]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/200
+
+[201]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/201
+
+[202]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/202
+
+[204]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/204
+
+[400]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400
+
+[401]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401
+
+[403]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403
+
+[404]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404
+
+[409]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/409
+
+[412]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/412
+
+[422]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422
+
+[429]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429
+
+[500]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/500
+
+[504]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/504
+
+[JSON API document]: /terraform/cloud-docs/api-docs#json-api-documents
+
+[JSON API error object]: https://jsonapi.org/format/#error-objects
+
+# Group member role API reference
+
+The group member role API returns the assigned roles for an HCP group on a given resource, such as an organization, project, or a workspace.
+
+<Note>
+
+This API is only available for HCP Europe organizations. If your URL includes `portal.cloud.eu.hashicorp` or `app.eu.terraform.io`, then you are in an HCP Europe organization. To learn more about HCP Europe, refer to the [HCP Europe documentation](/hcp/docs/hcp/europe).
+
+For other HCP Terraform organizations, refer to the [Team members](/terraform/cloud-docs/api-docs/team-members) API.
+
+</Note>
+
+## List all role assignments
+
+`GET /member-roles/:resource_type/:resource_id`
+
+| Parameter            | Description                                      |
+| -------------------- | ------------------------------------------------ |
+| `:resource_type` | The type of the resource. This can be organizations, projects, workspaces. |
+| `:resource_id` | The id of the respective resource.     |
+
+
+### Query Parameters
+
+This endpoint supports pagination [with standard URL query parameters](/terraform/cloud-docs/api-docs#query-parameters). Remember to percent-encode `[` as `%5B` and `]` as `%5D` if your tooling doesn't automatically encode URLs.
+
+| Parameter       | Description                                                                                                                                                                  |
+| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `q`             | **Optional.** Allows querying a list of role assignments by group name. This search is case-insensitive.                                                                     |
+| `page[number]`  | **Optional.** If omitted, the endpoint will return the first page.                                                                                                           |
+| `page[size]`    | **Optional.** If omitted, the endpoint will return 20 role assignments per page.                                                                                                        |
+| `sort`          | **Optional.** Allows sorting by group names. The only valid value is `"name"`. Prepending a hyphen to the sort parameter will reverse the order (e.g. `"-name"`).           |
+
+### Sample Request
+
+```shell
+$ curl \
+  --header "Authorization: Bearer $TOKEN" \
+  --header "Content-Type: application/vnd.api+json" \
+  --request GET \
+  https://app.terraform.io/api/v2/member-roles/organizations/5574ca0a-4d0b-4456-b1a6-54e8ae4c1b2a?page[number]=1&page[size]=10&sort=
+```
+
+### Sample Response
+
+The response shows the ID and name of the HCP groups, as well as the HCP and HCP Terraform permissions that group has access to. The `resource-type` attribute determines at which resource level, such as organization, project, or workspace, that the role is coming from.
+
+```json
+{
+  "data": [
+    {
+      "id": "726a300c45-groups-bbe82f8dcb41025f18c951",
+      "type": "member-roles",
+      "attributes": {
+        "roles": [],
+        "member-id": "iam.group:hFkn8zpNB6cRp8jnqPkH",
+        "member-name": "group_D",
+        "member-type": "groups"
+      }
+    },
+    {
+      "id": "bee3018293f35b435662b8882e3fc024",
+      "type": "member-roles",
+      "attributes": {
+        "roles": [
+            {
+              "resource-type": "organizations",
+              "role-id": "roles/terraform.legacy-organization-access-custom"
+            },
+            {
+              "resource-type": "organizations",
+              "role-id": "roles/admin"
+            }
+        ],
+        "member-id": "iam.group:HTwTGdftfghn9HHwKJ9w",
+        "member-name": "group_C",
+        "member-type": "groups"
+      }
+    },
+    {
+      "id": "36ed391b9b65ad434576787d46c01af8b8",
+      "type": "member-roles",
+      "attributes": {
+        "roles": [],
+        "member-id": "iam.group:cTJfbKCJTThcq8pPQJTj",
+        "member-name": "group_B",
+        "member-type": "groups"
+      }
+    }
+  ],
+  "links": {
+    "self": "https://app.terraform.io/api/v2/member-roles/organizations/4741ca0a-4d0b-4177-b1a6-54e8ae4c1b2a?page%5Bnumber%5D=1&page%5Bsize%5D=20",
+    "first": "https://app.terraform.io/api/v2/member-roles/organizations/4741ca0a-4d0b-4177-b1a6-54e8ae4c1b2a?page%5Bnumber%5D=1&page%5Bsize%5D=20",
+    "prev": null,
+    "next": null,
+    "last": "https://app.terraform.io/api/v2/member-roles/organizations/4741ca0a-4d0b-4177-b1a6-54e8ae4c1b2a?page%5Bnumber%5D=1&page%5Bsize%5D=20"
+  },
+  "meta": {
+    "pagination": {
+      "current-page": 1,
+      "page-size": 20,
+      "prev-page": null,
+      "next-page": null,
+      "total-pages": 1,
+      "total-count": 19
+    }
+  }
+}
+```
+
+## Show roles for a group
+
+`GET /member-roles/:resource_type/:resource_id`
+
+This endpoint fetches the HCP roles and relevant permissions for a single group on the specified resource.
+
+| Parameter            | Description                                                      |
+| -------------------- | ------------------------------------------------                 |
+| `:resource_type` | The resource level to view the roles for. This can be organizations, projects, workspaces. |
+| `:resource_id` | The id of the resource that is of the type resource_type.              |
+| `filter[member_type]` | **Required.** Specifies the type of the member. As of now, the only acceptable value is groups.  |
+| `filter[group_id]` |  **Required.** The id of the group that you want to see the permissions for.             |
+
+
+### Query Parameters
+
+This endpoint supports pagination [with standard URL query parameters](/terraform/cloud-docs/api-docs#query-parameters). Remember to percent-encode `[` as `%5B` and `]` as `%5D` if your tooling doesn't automatically encode URLs.
+
+| Parameter       | Description                                                                                                                                                                  |
+| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `page[number]`  | **Optional.** If omitted, the endpoint will return the first page.                                                                                                           |
+| `page[size]`    | **Optional.** If omitted, the endpoint will return 10 teams per page.                                                                                                        |
+
+### Sample Request
+
+```shell
+$ curl \
+  --header "Authorization: Bearer $TOKEN" \
+  --header "Content-Type: application/vnd.api+json" \
+  --request GET \
+  https://app.terraform.io/api/v2/member-roles/organizations/5574ca0a-4d0b-4456-b1a6-54e8ae4c1b2a?filter[member_type]=groups&filter[member_id]=iam.group%6ANzJbGbHIigBctKmRrTkz
+```
+
+### Sample Response
+
+The response shows the hcp and terraform roles for a single member (e.g. group) on the specified resource.
+
+```json
+{
+  "data": [
+    {
+      "id": "865a1f57998956c67ae86e745ea61654",
+      "type": "member-roles",
+      "attributes": {
+        "roles": [
+          {
+            "resource-type": "organizations",
+            "role-id": "roles/admin"
+          },
+          {
+            "resource-type": "projects",
+            "role-id": "roles/terraform.legacy-project-access-custom"
+          }
+        ],
+        "member-id": "iam.group:NzJbGbYyLgBctKmDmTkz",
+        "member-name": "group_A",
+        "member-type": "groups"
+      }
+    }
+  ],
+  "links": {
+    "self": "https://app.terraform.io/api/v2/member-roles/projects/e78425e5-af7a-40ec-b62c-9a97331b1cd0?filter%5Bmember_id%5D=iam.group%3ANzJbGbHbLgBctKmDmTkz\u0026filter%5Bmember_type%5D=groups\u0026page%5Bnumber%5D=1\u0026page%5Bsize%5D=20",
+    "first": "https://app.terraform.io/api/v2/member-roles/projects/e78425e5-af7a-40ec-b62c-9a97331b1cd0?filter%5Bmember_id%5D=iam.group%3ANzJbGbHbLgBctKmDmTkz\u0026filter%5Bmember_type%5D=groups\u0026page%5Bnumber%5D=1\u0026page%5Bsize%5D=20",
+    "prev": null,
+    "next": null,
+    "last": "https://app.terraform.io/api/v2/member-roles/projects/e78425e5-af7a-40ec-b62c-9a97331b1cd0?filter%5Bmember_id%5D=iam.group%3ANzJbGbHbLgBctKmDmTkz\u0026filter%5Bmember_type%5D=groups\u0026page%5Bnumber%5D=1\u0026page%5Bsize%5D=20"
+  },
+  "meta": {
+    "pagination": {
+      "current-page": 1,
+      "page-size": 20,
+      "prev-page": null,
+      "next-page": null,
+      "total-pages": 1,
+      "total-count": 1
+    }
+  }
+}
+```
@@ -119,6 +119,9 @@ The following entitlements are available:
 - `configuration-designer` — Allows an organization to use the [Configuration Designer][].
 - `cost-estimation` — Allows an organization to access [cost estimation][].
 - `global-run-tasks` — Allows an organization to apply [run tasks](/terraform/cloud-docs/workspaces/settings/run-tasks) to every workspace. Affects the [run tasks][] endpoints. This feature is currently in beta.
+<!-- BEGIN: TFC:only name:hcp-eu -->
+- `groups` - Allows an organization to manage access to its workspaces with [groups](https://docs.hashicorp.com/hcp/docs/hcp/iam/groups) for a HCP Europe organization. To learn more about HCP Europe, refer to the [HCP Europe documentation](/hcp/docs/hcp/europe).
+<!-- END: TFC:only name:hcp-eu -->
 - `module-tests-generation` - Allows an organization to generate tests for private registry modules. This feature is currently in beta.
 - `module-deprecations` - Allows an organization to mark a module version from the Private Registry as deprecated.
 - `module-revocations` - Allows an organization to mark a deprecated module version from the Private Registry as revoked.
@@ -160,6 +163,8 @@ The following entitlements are available:
 
 [o-tokens]: /terraform/cloud-docs/api-docs/oauth-tokens
 
+[member roles]: /terraform/cloud-docs/api-docs/member-roles
+
 [plans]: /terraform/cloud-docs/api-docs/plans
 
 [policies]: /terraform/cloud-docs/api-docs/policies

@@ -44,6 +44,18 @@ description: >-
 
 The team access APIs are used to associate a team to permissions on a project. A single `team-project` resource contains the relationship between the Team and Project, including the privileges the team has on the project.
 
+<!-- BEGIN: TFC:only name:hcp-eu -->
+
+<Note>
+
+In HCP Europe organizations, you use HCP **groups** to manage permissions instead of **teams**. To learn more about HCP Europe, refer to [Use HCP Terraform in Europe](/terraform/cloud-docs/europe).
+
+You can replace team attributes with HCP group attributes in the following `team-project` API endpoints. Each API response can return information about groups and their permissions on projects.
+
+</Note>
+
+<!-- END: TFC:only name:hcp-eu -->
+
 ## Resource permissions
 
 A `team-project` resource represents a team's local permissions on a specific project. Teams can also have organization-level permissions that grant access to projects. HCP Terraform uses the more restrictive access level. For example, a team with the **Manage projects** permission enabled has admin access on all projects, even if their `team-project` on a particular project only grants read access. For more information, refer to [Managing Project Access](/terraform/cloud-docs/users-teams-organizations/teams/manage#managing-project-access).
@@ -404,8 +416,8 @@ $ curl \
     "attributes": {
       "access": "custom",
       "project-access": {
-        "settings": "delete"
-        "teams": "manage",
+        "settings": "delete",
+        "teams": "manage"
       },
       "workspace-access" : {
         "runs": "apply",

@@ -44,6 +44,18 @@ description: >-
 
 The team access APIs are used to associate a team to permissions on a workspace. A single `team-workspace` resource contains the relationship between the Team and Workspace, including the privileges the team has on the workspace.
 
+<!-- BEGIN: TFC:only name:hcp-eu -->
+
+<Note>
+
+In HCP Europe organizations, you use HCP **groups** to manage permissions instead of **teams**. To learn more about HCP Europe, refer to [Use HCP Terraform in Europe](/terraform/cloud-docs/europe).
+
+You can replace team attributes with HCP group attributes in the following `team-workspace` API endpoints. Each API response can return information about groups and their permissions on workspaces.
+
+</Note>
+
+<!-- END: TFC:only name:hcp-eu -->
+
 ## Resource permissions
 
 A `team-workspace` resource represents a team's local permissions on a specific workspace. Teams can also have organization-level permissions that grant access to workspaces. HCP Terraform uses the more restrictive access level. For example, a team with the **Manage workspaces** permission enabled has admin access on all workspaces, even if their `team-workspace` on a particular workspace only grants read access. For more information, refer to [Managing Workspace Access](/terraform/cloud-docs/users-teams-organizations/teams/manage#managing-workspace-access).

@@ -46,6 +46,18 @@ description: >-
 
 The Team Membership API is used to add or remove users from teams. The [Team API](/terraform/cloud-docs/api-docs/teams) is used to create or destroy teams.
 
+<!-- BEGIN: TFC:only name:hcp-eu -->
+
+<Note>
+
+In HCP Europe organizations, you use HCP **groups** to manage permissions instead of **teams**. To learn more about HCP Europe, refer to [Use HCP Terraform in Europe](/terraform/cloud-docs/europe).
+
+The following team membership APIs are **not** available for HCP Europe organizations. Manage user membership to a group on the [HCP platform](https://portal.cloud.eu.hashicorp.com).
+
+</Note>
+
+<!-- END: TFC:only name:hcp-eu -->
+
 ## Organization Membership
 
 -> **Note:** To add users to a team, they must first receive and accept the invitation to join the organization by email. This process ensures that you do not accidentally add the wrong person by mistyping a username. Refer to [the Organization Memberships API documentation](/terraform/cloud-docs/api-docs/organization-memberships) for more information.

@@ -44,6 +44,18 @@ Teams relying on the [**legacy**](/terraform/cloud-docs/api-docs/team-tokens#leg
 
 You can create and delete team tokens and list an organization's team tokens.
 
+<!-- BEGIN: TFC:only name:hcp-eu -->
+
+<Note>
+
+In HCP Europe organizations, you use HCP **groups** to manage permissions instead of **teams**. To learn more about HCP Europe, refer to [Use HCP Terraform in Europe](/terraform/cloud-docs/europe).
+
+You can replace team attributes with HCP group attributes in the following API endpoints. For example, you can replace `team_id` with `group_id`, and the API responses return group-related information. You can also manage group API tokens on the [HCP platform](https://portal.cloud.eu.hashicorp.com).
+
+</Note>
+
+<!-- END: TFC:only name:hcp-eu -->
+
 ## Generate a new team token
 
 Generates a new team token.