diff --git a/internal/dao/group.go b/internal/dao/group.go
index 70fe4de..ddfc337 100644
--- a/internal/dao/group.go
+++ b/internal/dao/group.go
@@ -15,17 +15,20 @@ func GetUsers(ctx context.Context, db bun.IDB, id uuid.UUID) ([]models.KratosIde
 	err := db.NewSelect().Model(&entities).
 		Join(`JOIN authsrv_groupaccount ON identities.id=authsrv_groupaccount.account_id`).
 		Where(`authsrv_groupaccount.group_id = ?`, id).
+		Where("authsrv_groupaccount.trash = ?", false).
 		Scan(ctx)
 	return entities, err
 }
 
 func GetGroupRoles(ctx context.Context, db bun.IDB, id uuid.UUID) ([]*userv3.ProjectNamespaceRole, error) {
-	// Could possibily union them later for some speedup
+	// Could possibly union them later for some speedup
 	var r = []*userv3.ProjectNamespaceRole{}
 	err := db.NewSelect().Table("authsrv_grouprole").
 		ColumnExpr("authsrv_resourcerole.name as role").
 		Join(`JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_grouprole.role_id`).
 		Where("authsrv_grouprole.group_id = ?", id).
+		Where("authsrv_resourcerole.trash = ?", false).
+		Where("authsrv_grouprole.trash = ?", false).
 		Scan(ctx, &r)
 	if err != nil {
 		return nil, err
@@ -37,6 +40,9 @@ func GetGroupRoles(ctx context.Context, db bun.IDB, id uuid.UUID) ([]*userv3.Pro
 		Join(`JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectgrouprole.role_id`).
 		Join(`JOIN authsrv_project ON authsrv_project.id=authsrv_projectgrouprole.project_id`).
 		Where("authsrv_projectgrouprole.group_id = ?", id).
+		Where("authsrv_project.trash = ?", false).
+		Where("authsrv_projectgrouprole.trash = ?", false).
+		Where("authsrv_resourcerole.trash = ?", false).
 		Scan(ctx, &pr)
 	if err != nil {
 		return nil, err
@@ -48,6 +54,9 @@ func GetGroupRoles(ctx context.Context, db bun.IDB, id uuid.UUID) ([]*userv3.Pro
 		Join(`JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectgroupnamespacerole.role_id`).
 		Join(`JOIN authsrv_project ON authsrv_project.id=authsrv_projectgroupnamespacerole.project_id`). // also need a namespace join
 		Where("authsrv_projectgroupnamespacerole.group_id = ?", id).
+		Where("authsrv_project.trash = ?", false).
+		Where("authsrv_projectgroupnamespacerole.trash = ?", false).
+		Where("authsrv_resourcerole.trash = ?", false).
 		Scan(ctx, &pnr)
 	if err != nil {
 		return nil, err
diff --git a/internal/dao/role.go b/internal/dao/role.go
index 7b4939c..dd88900 100644
--- a/internal/dao/role.go
+++ b/internal/dao/role.go
@@ -15,6 +15,8 @@ func GetRolePermissions(ctx context.Context, db bun.IDB, id uuid.UUID) ([]models
 		ColumnExpr("authsrv_resourcepermission.name as name").
 		Join(`JOIN authsrv_resourcerolepermission ON authsrv_resourcerolepermission.resource_permission_id=authsrv_resourcepermission.id`).
 		Where("authsrv_resourcerolepermission.resource_role_id = ?", id).
+		Where("authsrv_resourcepermission.trash = ?", false).
+		Where("authsrv_resourcerolepermission.trash = ?", false).
 		Scan(ctx, &r)
 	if err != nil {
 		return nil, err
diff --git a/internal/dao/user.go b/internal/dao/user.go
index 69fdc31..4072592 100644
--- a/internal/dao/user.go
+++ b/internal/dao/user.go
@@ -14,6 +14,7 @@ func GetGroups(ctx context.Context, db bun.IDB, id uuid.UUID) ([]models.Group, e
 	err := db.NewSelect().Model(&entities).
 		Join(`JOIN authsrv_groupaccount ON authsrv_groupaccount.group_id="group".id`).
 		Where("authsrv_groupaccount.account_id = ?", id).
+		Where("authsrv_groupaccount.trash = ?", false).
 		Scan(ctx)
 	return entities, err
 }
@@ -25,6 +26,8 @@ func GetUserRoles(ctx context.Context, db bun.IDB, id uuid.UUID) ([]*userv3.Proj
 		ColumnExpr("authsrv_resourcerole.name as role").
 		Join(`JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_accountresourcerole.role_id`).
 		Where("authsrv_accountresourcerole.account_id = ?", id).
+		Where("authsrv_resourcerole.trash = ?", false).
+		Where("authsrv_accountresourcerole.trash = ?", false).
 		Scan(ctx, &r)
 	if err != nil {
 		return nil, err
@@ -36,6 +39,9 @@ func GetUserRoles(ctx context.Context, db bun.IDB, id uuid.UUID) ([]*userv3.Proj
 		Join(`JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountresourcerole.role_id`).
 		Join(`JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountresourcerole.project_id`).
 		Where("authsrv_projectaccountresourcerole.account_id = ?", id).
+		Where("authsrv_project.trash = ?", false).
+		Where("authsrv_resourcerole.trash = ?", false).
+		Where("authsrv_projectaccountresourcerole.trash = ?", false).
 		Scan(ctx, &pr)
 	if err != nil {
 		return nil, err
@@ -47,6 +53,9 @@ func GetUserRoles(ctx context.Context, db bun.IDB, id uuid.UUID) ([]*userv3.Proj
 		Join(`JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountnamespacerole.role_id`).
 		Join(`JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountnamespacerole.project_id`). // also need a namespace join
 		Where("authsrv_projectaccountnamespacerole.account_id = ?", id).
+		Where("authsrv_project.trash = ?", false).
+		Where("authsrv_resourcerole.trash = ?", false).
+		Where("authsrv_projectaccountresourcerole.trash = ?", false).
 		Scan(ctx, &pnr)
 	if err != nil {
 		return nil, err