Hi @dmiller
Thank you for reaching out to us!
In essence, a role is a set/collection of permissions that you assign to your users and our RBAC feature is designed to handle the management of user permissions as roles. Once RBAC is enabled for your API, it is possible to assign users specific permissions via the Management API or the Auth0 Dashboard, although adding permissions directly to a user circumvents the benefits of role-based access control (RBAC) and is not typically recommended.
I was able to find these additional resources that outline this use-case and also how to add permissions to the Access/ID Tokens:
- Assign permissions using Actions Post User Registration flow;
- Add Roles and Permissions to the ID Token Using Actions.
Hope this helped!
Gerald