How do I control access to the Management API in Auth0 according to user privileges?

I am developing my own portal for user management. How do I restrict a user with less privilege (custom scope) from modifying the profile of another user who has higher privilege (custom scope)?

Hey there @kkhanal !

I assume you are planning on performing these actions on your backend using Management API access tokens? I imagine the easiest way to handle this would be to implement logic on your backend to decide what a user can or cannot do and then use a Management API access token via some sort of management client to carry out the allowed actions (based on the scopes of users).

Keep us posted!
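The backend check suggested in the reply above, as an added example that is not part of the original thread and is not Auth0's own code. The scope names, their ranks, the `target` record layout and the `management_patch` callable are all assumptions made for illustration; the caller's scopes are assumed to come from an access token the backend has already validated.

```python
# Hypothetical custom scopes and ranks; replace with the scopes your tenant defines.
SCOPE_RANK = {"manage:basic": 1, "manage:staff": 2, "manage:admin": 3}


class Forbidden(Exception):
    """Raised when the caller may not perform the requested change."""


def rank(scopes):
    """Highest privilege rank among the scopes; unknown scopes count as 0."""
    return max((SCOPE_RANK.get(s, 0) for s in scopes), default=0)


def authorize_update(caller_scopes, target_scopes, requested_scopes=None):
    """Return True if the caller may modify the target, else raise Forbidden."""
    caller = rank(caller_scopes)
    if caller == 0:
        raise Forbidden("caller holds no user-management scope")
    # Core rule from the question: lower privilege cannot edit higher privilege.
    # Equal rank is allowed here; tighten to <= if peers must not edit each other.
    if caller < rank(target_scopes):
        raise Forbidden("target user has higher privilege than caller")
    if requested_scopes is not None:
        # Beyond the question: also block granting scopes the caller lacks the
        # rank for, otherwise a user could escalate a lower-ranked account.
        if any(s not in SCOPE_RANK for s in requested_scopes):
            raise Forbidden("unknown scope requested")
        if rank(requested_scopes) > caller:
            raise Forbidden("caller cannot grant privilege above their own")
    return True


def update_user(caller_scopes, target, changes, management_patch,
                requested_scopes=None):
    """Enforce the policy first, then forward the change.

    target: {"user_id": ..., "scopes": [...]} loaded server-side, never taken
            from the request body.
    management_patch: callable(user_id, changes) that performs the update with
            the backend's own Management API access token (assumption).
    """
    authorize_update(caller_scopes, target["scopes"], requested_scopes)
    return management_patch(target["user_id"], changes)
```

The Management API token stays on the backend; the portal user only ever presents their own token, and the decision is made before any Management API request is issued.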

