When first creating a User, you do not specify a
password in the POST and the User will be set to inactive. A temporary password is automatically generated and sent to the user by email, and once updated the User will become active.
To resend a welcome email to a user, see resend_user_email.
Users cannot be deleted once they have taken any action in the system (e.g. any create, update, or deletes)