Clarifying Intent: Rules vs RBAC for auto-provisioning users to roles

It’s possible I’ve overlooked an existing feature but want to clarify intent of functionality as it relates to Rules and RBAC.

RBAC looks like something that Auth0 is investing in expanding the capabilities for and will eventually phase out the authorization extension (as a couple blog posts suggest)

There is also a default “set roles to a user role” rule that this article outlines https://auth0.com/rules/roles-creation

When using a Rule to specify a user role, the role information becomes available in the access token/id token (however you’ve configured the rule) HOWEVER the actual role in the system is NOT updated to contain that user.

I found this documentation that outlines how to add users to roles through the management api: https://auth0.com/docs/api/management/v2/#!/Roles/post_role_users

My question is really, when using the rule approach, is it intended that the user is not added to the role definition?

What is the latest best practice for “auto-provisioning” users to roles within the tenant?

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?