Hi @Limpi23,
Welcome to the Auth0 Community!
I understand you have some questions regarding Role-Base Access Control (RBAC). I’d be happy to help.
First, I’d like to inform you that the Auth0 Authorization Extension will eventually be deprecated. Given that, I strongly recommend you use the Authorization Core to implement RBAC.
Using the Authorization Core will improve scalability and performance.
To do so, please take a look at our Authorization Core documentation.
Then in the authentication flow, you can pass the user’s permission in the scope parameter to allow them to gain access to a specific resource.
And optionally, you can get the permissions and roles from your users using the get user permissions endpoint and get user roles endpoint respectively.
Please let me know if you have any questions or need further clarification. I’d be happy to help.
Thank you.