I have a working scenario in which users sign up/sign in correctly and they have access to some features. Is there a way to invite a different user (using his email) and access the same features?
The above information is insufficient to provide an answer. You should clarify your situation and include additional context information.
Thanks for reply.
We are using AWS to access specific DB resources. When an account is made through Auth0, that account is able to read/write information from AWS (DynamoDB row based restriction).
What I want is to be able to invite another email to ONLY read information from the same account. Basically the main Auth0 account will be considered as Admin, then starting from there I should be able to invite other emails that can only READ data.
I hope it makes sense.
I’m assuming you’re using delegation with AWS roles and if that’s the case unless I missed something (which is likely as I’m not very experienced with AWS) you would have a role that allows read/write and another that allows only read.
You can then have a rule as shown in this documentation that performs the role assignment depending on the user that is currently authenticating. A possible way to know which role the current user should be assigned would be to maintain that information as part of the user app_metadata. In conclusion, at creation time you would set information in app_metadata that would allow you to know which privileges the user has.
Thanks for reply.
What you mentioned is what we currently use in some ways. Practically we have 2 roles now: one which is Admin (read/write role) and one Read role. Problem is that each account with Admin role has a unique auth0|id, and that ID is tied to the DynamoDB row based restriction… practically only that auth0|id can access the database information. If I create a new account with Read role permission it won't be able to access the same data as the Admin auth0|id.
Maybe there is a way to link accounts or to give more permissions at delegation level…
I hope it makes sense.
Okay, if I understood correctly the permissions in AWS use the Auth0 user identifier to check if the user is allowed to access particular data or not. Given that relationship, at first glance, I don't see a way to give read-only permissions to a different user account, as it is a requirement of the service to have unique user identifiers within a single tenant, so that other account would have a different identifier.