I would like to understand what kind of damage can be done by setting AUTH0_ALLOW_DELETE to true in the config.json file. I don’t see any real explanations in the docs of this parameter.
For context we are running branch-based deployments into 3 different Auth0 tenants for development, staging and production. By merging into the different branches, a build is kicked off that runs a0deploy with the correct config for that tenant/environment. All Auth0 tenant configuration is controlled from code i.e. no one makes any manual changes on the tenants.
At the moment I have set AUTH0_ALLOW_DELETE to true in development. I am now considering what this value should be for staging and (especially) production. I also see that most examples in the Auth0 docs have this value set to false (but with no explanation).
So my main question is: what can go wrong in production with this value set to true? e.g. losing our users would be the ultimate disaster scenario, but I don’t see how this could happen using this tool