How to set up organization-wide RBAC for access to different features?

Hey Auth0 Community!

We’re in the process of setting up a B2B application.
Our users work at different companies with whom we have set up different deals on our services.

We would like to:

  • group users into organizations, only one org at a time.
  • have org-wide permissions so that all members of OrgA can access only certain services.
  • users can invite members into their org or assign users to an org based on their email domain(s).
  • store some metadata on the org for branding (color, logo etc.)

From a quick glance, the Organizations feature seems like the way to go but I’m a bit confused as to how I can add org-wide permissions. I would really appreciate it if someone can guide me on that note.

To further expand on org-wide permissions, here is an example.

Assuming we have 2 features (feature-a, feature-b) and 3 orgs (org-a, org-b, org-c).
The orgs have access as follows:

  • org-a ; feature-a
  • org-b ; feature-b
  • org-c ; feature-a, feature-b

How can I implement the above access protocol?
Also, assume that org-b might want to upgrade their deal and request access to feature-a too.