Import/export of Role IDs between tenants

Is there a way to customize/specify role ID when working with Auth0 Deploy CLI? I suspect the answer is no and have raised a feature request, but if there’s a way to achieve what I’m looking for, I would appreciate some pointers.

Specifically, role ID should be the same across all tenants. Currently, that doesn’t seem to be possible.

This is a follow up to the parent post I asked awhile ago.

@dan.woda is this something you could assist with? Thank you.

Hi @sean.feldman,

I can’t find a way to do this with the Deploy CLI.

Are you able to get custom role IDs to work at all?

No, Deploy CLI Tool doesn’t allow it and I can’t think of any other way.
I’ve elaborated on the GitHub issue why for roles it needs to be consistent among different environments but I don’t know of any other way to even try to accomplish it.

It doesn’t look like this is a limitation of the Deploy CLI, but rather a general limitation of the product. I can’t find a way to create a custom role id at all.

The best course of action here is a Feature Request for custom role ids. With that said, I don’t see many other requests for it internally, and would suggest planning a workaround.

Thank you, @dan.woda. I’ve raised an issue in GitHub and carry the discussion there. I don’t agree that role IDs should be unique per tenant when tenants are the same system environments, but that’s something to discuss on that GitHub thread :slightly_smiling_face:

I’m not disagreeing with you, I’m simply pointing out the fact that Deploy CLI does not have any control over whether or not you can customize a role ID, and no PR to that repo can make the change you are looking for. :smile:

Indeed. That’s why I’m looking forward to seeing if there are any other suggestions, better than the workaround I’m describing in the issue.

Have you considered a wrapper function that accepts role name, gets the list of available roles from the management API, and maps the role name to ID?

Rather than doing that, my idea was to extract role IDs into settings that are set per environment (tenant) and eliminate the unnecessary lookup/mapping from name to ID. And all that is because roles are not changing, it would be much simpler to have the same role ID everywhere. Especially when the REST API requires a role ID to either assign a user to a role or list all users with a given role.