@obi,
That makes sense to me. You should be able to assign a group to that user in a Rule.
The Authorization extension has its own API, and will allow you to do the things you are mentioning. Take a look at the API explorer here. It takes a minimal amount of setup to get working.
https://auth0.com/docs/api/authorization-extension
Just to let you know, we are in beta with a groups functionality for the authorization core (basically the non-extension version of RBAC.) At some point the extension will be deprecated and users will be encouraged to switched to the authorization core. If you’re interested, you should check out the beta!
Hope this helps,
Dan