I need to get a user’s permissions that are based on roles they are assigned within the context of a particular organization. There is a Management API endpoint to get a user’s permissions that are assigned to a user outside the context of an organization, but this endpoint does not return any permissions that a user may have as a result of a role assignment they have within an organization.
I am aware that organization-derived permissions can be made available in a user’s access token via RBAC settings. However, I need programmatic access to the permissions via an admin account (i.e. via the Management API).
I am also aware that one can derive these permissions “manually” by querying the user’s roles within the organization, then by querying the list of permissions for each role, but this is costly in terms of Management API rate limits/quotas.
Is there a single endpoint that can be called to get a user’s permissions within an organization?
PS: What I am ultimately trying to do is get access to a user’s organization-derived permissions from within an Auth0 Rule, Action, or Hook. As far as I know, the only way to get any of the permissions (but only the ones derived from roles assigned outside an org) is by calling the Management API.
Unfortunately, the Management API does not have a dedicated endpoint to get a user’s permissions in the context of an Organization.
This feature has already been on our feedback radar:
If you have a moment, I recommend upvoting the feedback request since it works on a voting system where feedback requests with higher upvotes lead to higher implementation priority.
For now, the only way to get this information is to make two separate calls to the Management API:
Thanks for your reply @rueben.tiow. Your two-step approach makes sense for how to solve this problem.
FYI, I did see this other feature request, and this endpoint would be useful for me for other reasons, but my endpoint request is slightly different: rather than providing a role and getting the users that belong to that role in a given organization, I am looking to provide a user and get the permissions that belong to that user in a given organization. But I understand that your two-step solution above can accomplish this, it’s just that I’d rather be able to accomplish this in a single Management API call as opposed to a Management API call plus an additional Management API call for each role. (Maybe there’s a way to cache these calls to get permissions for each role without resorting to a Management API call each time?)
In this situation, I recommend considering creating a new feedback request that asks to support an endpoint that can get the User’s permissions in the context of an organization.
I believe this would be a great feedback improvement request and simplify it to a single call to the Management API.
Please let me know if there is anything else I can do to help.
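
The two-step lookup discussed in this thread (the user's roles in the organization, then the permissions of each role), with the per-role calls cached as the follow-up question suggests. This is an added example, not part of any post and not Auth0's code: `fetchJson`, `createOrgPermissionResolver`, the in-memory TTL cache and the sample data are assumptions, and the two paths are the Management API's organization member roles and role permissions endpoints.

```javascript
// Added example, not Auth0's code. fetchJson(path) is an assumed helper that
// performs an authenticated Management API GET and resolves to parsed JSON.
// Pagination of both endpoints is left out to keep the example short.
function createOrgPermissionResolver(fetchJson, { ttlMs = 60000, now = Date.now } = {}) {
  const roleCache = new Map(); // roleId -> { expires, promise }

  function permissionsForRole(roleId) {
    const hit = roleCache.get(roleId);
    if (hit && hit.expires > now()) return hit.promise;
    const promise = fetchJson(`/api/v2/roles/${encodeURIComponent(roleId)}/permissions`);
    roleCache.set(roleId, { expires: now() + ttlMs, promise });
    promise.catch(() => roleCache.delete(roleId)); // never cache a failed lookup
    return promise;
  }

  // Step 1: the user's roles in the organization. Step 2: permissions per role.
  return async function getOrgPermissions(orgId, userId) {
    const roles = await fetchJson(`/api/v2/organizations/${encodeURIComponent(orgId)}` +
      `/members/${encodeURIComponent(userId)}/roles`);
    const perRole = await Promise.all(roles.map((role) => permissionsForRole(role.id)));
    const unique = new Set(); // a permission granted by two roles is listed once
    for (const p of perRole.flat()) {
      unique.add(`${p.resource_server_identifier} ${p.permission_name}`);
    }
    return [...unique].sort();
  };
}

// Constructed sample responses; ids and permission names are made up.
const SAMPLE = {
  '/api/v2/organizations/org_A/members/auth0%7Cu1/roles': [{ id: 'rol_1' }, { id: 'rol_2' }],
  '/api/v2/organizations/org_A/members/auth0%7Cu2/roles': [{ id: 'rol_2' }],
  '/api/v2/roles/rol_1/permissions': [
    { resource_server_identifier: 'https://api.example', permission_name: 'read:reports' }],
  '/api/v2/roles/rol_2/permissions': [
    { resource_server_identifier: 'https://api.example', permission_name: 'read:reports' },
    { resource_server_identifier: 'https://api.example', permission_name: 'edit:reports' }],
};

async function demo() {
  const calls = [];
  const fetchJson = async (path) => { calls.push(path); return SAMPLE[path]; };
  const getOrgPermissions = createOrgPermissionResolver(fetchJson);
  const u1 = await getOrgPermissions('org_A', 'auth0|u1');
  const u2 = await getOrgPermissions('org_A', 'auth0|u2');
  return { u1, u2, apiCalls: calls.length };
}
```

With the cache, resolving both sample users costs four Management API calls instead of five. A changed role keeps serving its old permissions until `ttlMs` expires, so keep the TTL short when the result feeds an authorization decision.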