Auth0 Home Blog Docs

How To: Assign Roles Per "Organization"

auth0
roles
groups
#1

Hi,

I’m sure this is a common question but can’t find an answer on the net. I have a webapp that uses a concept of “Organization” (or Team, or Group, or one of many terms used across the web) and I’m thinking of using the Auth0 Authorization extension to configure groups, roles and permissions. To clarify the concept is the same as a “Group” on the GitLab.com platform. Basically a user can be a member of many Organizations but each user has different permissions in each of the Orgs they are a member of.

Example:
Given the following organizations:

  • Big Blue
  • Big Red
  • Big Green

User1 is the Owner of “Big Blue” and has full control. Is a Member of Big Red and can do everything except change user security permissions. And finally is a Viewer in Big Green, with read only access.

Back to the Authorization extension:
I can create roles the “Org:Owner”, “Org:Member”, etc. but then how do I restrict that role to only a given organization? Am I thinking of this in the right way? How have others configured their (token) claims to support this type of setup?

Thanks

#2

Hey there @kepboy!

Have you had a chance to take a look at this doc that I think will help you step by step to grasp the concept:

Let me know if you have further questions down the road!

#4

Hey there!

Friendly ping :slight_smile: Did you have some time to take a look at my previous message?

closed #5