Question: How do I assign Permissions to users?
Answer:
First, adding Permissions can be understood in these 3 ways:
The typical scenario for using Permissions is for Role-Based Access Control (RBAC) in Auth0. Using the Authorization Core features allows RBAC with your APIs.
In RBAC, the first step is to add Permissions to an API. These Permissions are synonymous with “scopes”. Meaning that when you use this API as the audience
, you must specify these defined “scopes” for the permissions that you need.
With these Permissions defined in your API, you can assign them to users to grant them specific permissions.
Alternatively, you may choose to assign Permissions to Roles before delegating them to users. Adding Permissions to Roles may be relevant to you if you want to scale RBAC.
In cases where you have many users who share many of the same Permissions, then you can assign them to a specific Role that encapsulates these Permissions. The benefit of doing so is to isolate members of different groups with their privileges.
Take for example with these Roles:
Editor: read:reports
, write:reports
, update:reports
, delete:reports
Auditor: read:reports
In this scenario, you can see the advantage of delegating multiple users with an Editor role without going through the hassle of assigning four permissions to each user. Moreover, there is a clear separation of the type of access each Role grants.
RBAC Steps recap:
- Register API with Auth0
- Define permissions for API
- Create roles
- Assign roles to users
- Assign permissions to users, if needed.
How do I add API Permissions?
- Go to Dashboard > Applications > APIs and click the name of the API to view.
- Go to the Permissions tab and enter a permission name and description for the permission you want to add. Be sure not to use any reserved permission names.
- Click Add.
How do I add Permissions to Roles?
- Go to Dashboard > User Management > Roles and click the name of the role to view.
- Click the Permissions tab, then click Add Permissions.
- Select the API from which you want to assign permissions, then select the permissions to add to the role, and click Add Permissions.
How do I assign Permissions to Users?
Method 1: Assign permission in the user list
- Go to Dashboard > User Management > Users.
- Click
...
next to the user you want to modify, and select Assign Permissions. - Select the API from which you want to assign permissions, then select the permissions to assign to the user, and click Add Permissions.
Method 2: Assign permissions in the user profile
You can also assign permissions to users from their profile page.
- Go to Dashboard > User Management > Users, and click the name of the user to view.
- Click the Permissions tab, and click Assign Permissions.
- Select the API from which you want to assign permissions, then select the permissions to assign to the user, and click Add Permissions.
Method 3: Using the Management API
- Call the Management API’s Assign Permissions to a User endpoint.
Supporting Documentation:
https://auth0.com/docs/authorization/rbac/auth-core-features
https://auth0.com/docs/authorization/rbac/rbac-users