How do i control the access to api management in Auth0 according to user previleges?

I am developing my own portal for user management. How do i restrict the user with less privelege (custom scope) to modify another user’s profile who has high privilege (custom scope).

Hey there @kkhanal !

I assume you are planning on performing these actions on your backend using Management API access tokens? I imagine the easiest way to handle this would be to implement logic on your backend to decide what a user can or cannot do and then use a Management API access token via some sort of management client to carry out the allowed actions (based on the scopes of users).

Keep us posted!