I would like to support a scenario where a user belongs to multiple groups and has different permissions in each one.
For example, Bob is in Department A and Department B. In Department A, Bob can create Vendors and in Department B, Bob can approve Invoices.
I was thinking of implementing this using the Authorization Extension and creating a group for each Department and placing Bob in both groups. But it seems that when getting permissions for Bob using the API I cannot specify which group permission I’m interested in. I can only get the total permissions for Bob and they are the union of all his permissions so the result is that Bob can both approve Invoices and create Vendors.
Is there an API in Auth0 that will do what I want, should I architect things different in Auth0 or is Auth0 not suitable for this and I should use business logic in my app to make these decisions?