Including permissions in bulk import

john.boldt · March 26, 2020, 4:09pm

Is there a way to assign permissions during bulk upload? I don’t see permissions listed in the bulk upload schema. One approach would be to stash the permissions in meta data then use a hook to apply the permissions using the meta data as the source, but this sounds too hackish to me.

dan.woda · March 31, 2020, 8:03pm

Hi @john.boldt,

It doesn’t look like you will be able to import permissions with the import job endpoint or extensions. The best way I can suggest is to either import them as app_metadata as you have suggested (and convert them in a rule), or to add them after the import programmatically using the management API.

Hope this helps!
Dan

john.boldt · April 9, 2020, 9:47pm

Thanks @dan.woda! Placing the permissions in app_metadata works fine. I was hoping I could then set the JWT’s permissions claim in the rule after the user is authenticated, but apparently you’re not allowed to overwrite the permissions claim. Am I correct?

dan.woda · April 13, 2020, 5:02pm

Instead of writing them to permissions or a custom claim every time the rule is run, have the rule import them via the management API when the user has permissions in app metadata, then delete them from app_metadata when finished. Be careful using the management api in rules, as you can quickly hit the rate limit if you are calling it every authentication. I wrote you a rule that goes through the general flow. Be sure to test this before putting into production . Something like this:

function (user, context, callback) {
    user.app_metadata = user.app_metadata || {};
  
    if(!user.app_metadata.importedPermissions) {
      	console.log("no permissions in app_metadata");
        return callback(null, user, context);
    }
		
    var ManagementClient = require('auth0@2.23.0').ManagementClient;
    var management = new ManagementClient({
      token: auth0.accessToken,
      domain: auth0.domain
    });

    var params =  { id : user.user_id };
    var data = { "permissions": user.app_metadata.importedPermissions};

    management.assignPermissionsToUser(params, data, function (err) {
        if (err) {
            console.log(err);
        } 
      	else {
          	console.log("added permissions to user");
            delete user.app_metadata.importedPermissions;
    				auth0.users.updateAppMetadata(user.user_id, user.app_metadata, function() {
            if(err) {
            	console.log(err);
            } 
            else {
            	console.log("removed permissions from app_metadata");
            }}); 
        }
    });

    callback(null, user, context);
}

This is expecting app_metadata to have this schema:

  "importedPermissions": [
    {
      "permission_name": "do:something",
      "resource_server_identifier": "https://test-api"
    }
  ]

dan.woda · April 27, 2020, 9:08pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Assign Role to Users when Bulk Importing via Management API Help user-import	9	5390	March 29, 2022
Bulk user export: include permissions Help export-user	4	3327	July 16, 2021
Assigning Roles As Part Of A Bulk User Import Or Doing A Bulk Grant Help roles , user-import , bulk-user-import	6	4558	October 23, 2020
Bulk import users json file Help auth0 , management_api , bulk-user-import	3	2545	February 1, 2023
Bulk Update User Profile Details Using the Management API Knowledge Articles management-api , user-management , postman , bulk-user-import , upsert	3	6242	May 30, 2024

Including permissions in bulk import

Related topics