The behaviour appears to have changed for this scenario since this was first opened; I discovered this while working on a similar support ticket.
You should now be able to receive a token with the permissions array populated for the relevant role assigned in the rule, on the first login for a user on a Custom Database. This was tested with version auth0@2.31.0 of the Management Client, using the assignRolestoUser method like in the shared rule above.
https://auth0.github.io/node-auth0/module-management.ManagementClient.html#assignRolestoUser