Implement RBAC on multiple levels

I have a requirement where my services are scoped under organisations and projects.
Example -
Service - Dashboard API
I want to implement RBAC where a user in (project 1) has access to Dashboard API and the same user may/may not have access to Dashboard API in (project 2).
Similarly, one user can also belong to multiple organisations but may have different access scopes for the same set of services.
Auth0’s multi-tenancy could solve my problem at an organisation level. But I don’t see how I can leverage Auth0’s RBAC for my specific needs.

Can you guide me on the best way to tackle this problem?

Hello @hoque.ximi,

I think this is still in beta at the moment, but “groups” are being added to the core authorization feature, which may suit your needs. E.g., combining a read scope on your API with group membership for “project”.

You need to request access to the groups beta.

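An added example, not part of the original thread and not Auth0 code: a deny-by-default check on the API side that combines the token's scope with a role assigned per organisation and project, as the reply suggests. The role names, permission strings, `ASSIGNMENTS` table and `is_allowed` function are hypothetical; only the `sub` and space-separated `scope` claims are standard access-token claims.

```python
# Hypothetical role-to-permission mapping for the Dashboard API.
ROLE_PERMISSIONS = {
    "viewer": {"read:dashboard"},
    "editor": {"read:dashboard", "write:dashboard"},
}

# Constructed sample data: (user, organisation, project) -> role.
# In a real deployment this would come from group membership or a database.
ASSIGNMENTS = {
    ("alice", "org-a", "project-1"): "editor",
    ("alice", "org-b", "project-9"): "viewer",
}


def is_allowed(claims, org, project, permission, assignments=ASSIGNMENTS):
    """Allow only if BOTH the token scope and the project-scoped role grant it.

    `org` and `project` must identify the resource being accessed (for
    example, taken from the route after the resource is looked up), never
    from a value the caller can set freely.
    """
    # 1. The access token must carry the API permission as a scope.
    granted = set((claims.get("scope") or "").split())
    if permission not in granted:
        return False

    # 2. The user must hold a role in this exact organisation and project.
    role = assignments.get((claims.get("sub"), org, project))
    if role is None:
        return False  # no membership in this project: deny

    # 3. That role must include the permission.
    return permission in ROLE_PERMISSIONS.get(role, set())


if __name__ == "__main__":
    # Constructed token claims for the demonstration.
    claims = {"sub": "alice", "scope": "read:dashboard write:dashboard"}
    for org, project, perm in [
        ("org-a", "project-1", "write:dashboard"),
        ("org-a", "project-2", "read:dashboard"),
        ("org-b", "project-9", "write:dashboard"),
    ]:
        print(org, project, perm, is_allowed(claims, org, project, perm))
```

The same user is an editor in one project, has no access in a second project of the same organisation, and is read-only in another organisation, even though the token scopes are identical in all three calls.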