Best approach to adding permissions to dynamic resources

Our application has the concept of Users and Clients. A User can be given permission to access a specific Client and do some, none, or all the operations on the Client. The Client is created manually by an Administrator who also grants a User permission to a Client. What is the best way to handle this in the Authorization Extension?

From browsing the tutorials, it seems the best approach is to use the Management API to create a Client specific permission once a Client is created in our app. For example, if I create Client A (with ID 1) in the app, we’ll fire off a request to create Permissions for that Client ( client-a-1:read, client-a-1:edit, client-a-1:other-permission. The Administrator then grants the respective users the permission for that Client.

Is there a better approach or is this the best way to go about it?

As it has been more than a few months since this topic was opened, and there has been no reply or further information provided as to the existence of the issue, we are closing this topic. Please don’t hesitate to create a new topic if this issue is still present, we would be happy to work with you to help find a resolution.