Hello @santhosh.sadanandan,
Welcome to the Auth0 Community! Depending on your application architecture you may be able to leverage Auth0’s core authorization feature, but I suspect you may need to build a DIY solution by storing role data in app_metadata. Off the cuff:
```json
"app_metadata": {
  "entitlements": {
    "project_1": {
      "role": "Project Manager"
    },
    "project_2": {
      "role": "Director"
    }
  }
}
```
Then use an Auth0 Rule to include entitlements data in the user’s ID and / or access tokens.
Or you could potentially use both … use core RBAC to organize scopes / entitlements and user metadata to store project access data. This might work if, for example, all Project Managers have the same entitlements, but restricted by project.
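A sketch of the Rule suggested above together with the per-project check an API would run on the resulting claim. This is an added example, not part of the original post and not Auth0's own code; the namespace URL and the names `addEntitlementsToTokens`, `hasProjectRole` and `runSample` are assumptions.

```javascript
// Hypothetical namespace; Auth0 expects custom claims to be namespaced.
const NAMESPACE = 'https://example.com/';

// Auth0 Rule body: copy per-project roles from app_metadata into both tokens.
function addEntitlementsToTokens(user, context, callback) {
  const meta = user.app_metadata || {};
  const entitlements = {};
  // Copy only well-formed entries so malformed metadata never reaches a token.
  for (const [project, entry] of Object.entries(meta.entitlements || {})) {
    if (entry && typeof entry.role === 'string') {
      entitlements[project] = { role: entry.role };
    }
  }
  // Auth0 provides these objects; the fallbacks let the sample run stand-alone.
  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[NAMESPACE + 'entitlements'] = entitlements;
  context.accessToken[NAMESPACE + 'entitlements'] = entitlements;
  return callback(null, user, context);
}

// API side: given claims from an access token whose signature, issuer and
// audience were already verified, check the caller's role on one project.
// Anything missing or malformed is a deny.
function hasProjectRole(claims, project, allowedRoles) {
  const ents = claims && claims[NAMESPACE + 'entitlements'];
  if (!ents || !Object.prototype.hasOwnProperty.call(ents, project)) return false;
  const role = ents[project] && ents[project].role;
  return typeof role === 'string' && allowedRoles.includes(role);
}

// Constructed sample user mirroring the app_metadata shown in the post.
function runSample() {
  const user = { app_metadata: { entitlements: {
    project_1: { role: 'Project Manager' },
    project_2: { role: 'Director' },
  } } };
  let claims;
  addEntitlementsToTokens(user, {}, (err, u, ctx) => { claims = ctx.accessToken; });
  return claims;
}
```

The project identifier passed to `hasProjectRole` should come from the resource being requested, so a Project Manager on `project_1` is not treated as one on `project_2`.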