Forgive me but I’m very new to auth0 concepts and trying to figure something out.
I can see how to use RBAC to secure access to static API endpoints based on a user’s role.
But the problem I’m trying to solve is to secure an API to prevent user 1 from accessing user 2’s data. For example, user 1 should not be able to get /resource/ even if they are logged in properly.
Since the UUID is a path parameter of our API, how can I authorize a given user to only access their data, at the API level? I’ve read about API permissions, and can certainly create a permission for this use case, but I’m not sure how the permission is mapped to the specific route involving a path parameter for the user.
Thanks!
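The usual answer is that the permission gates the route, while the "is this your data" decision (object-level authorization) is a code check in the handler comparing the token's `sub` claim with the owner of the record the path parameter points at. Below is an added illustration of that split, not code from the post or from Auth0; it assumes an upstream middleware has already verified the access token and passes its decoded claims in, and the in-memory store, the permission names `read:resource` / `read:any_resource`, and the route `/resource/:id` are all made up for the example (Auth0 does populate `sub`, and a `permissions` array when RBAC with "Add Permissions in the Access Token" is enabled).

```javascript
// Constructed in-memory store standing in for the API's database: resource id -> record.
const RESOURCES = new Map([
  ['0b7c2c3a-1111-4e0e-9a8b-000000000001', { ownerSub: 'auth0|user1', body: 'user 1 data' }],
  ['0b7c2c3a-1111-4e0e-9a8b-000000000002', { ownerSub: 'auth0|user2', body: 'user 2 data' }],
]);

// Route-level (static) check: does the token carry the permission this endpoint requires?
// This is the part RBAC/API permissions handle; it says nothing about WHICH resource.
function hasPermission(claims, permission) {
  return Array.isArray(claims.permissions) && claims.permissions.includes(permission);
}

// Object-level check for GET /resource/:id. `claims` is the decoded payload of an access
// token that upstream middleware has already verified (signature, issuer, audience, expiry).
// The caller's identity is ONLY the token's `sub`; never a user id taken from the path or body.
function getResource(claims, params) {
  if (!hasPermission(claims, 'read:resource')) {
    return { status: 403, error: 'insufficient_permissions' };
  }
  const record = RESOURCES.get(params.id);
  if (!record) return { status: 404, error: 'not_found' };
  // Ownership: the record's owner must equal the token subject, unless the caller holds a
  // separately granted permission to read any user's resources (e.g. a support role).
  const isOwner = record.ownerSub === claims.sub;
  const isElevated = hasPermission(claims, 'read:any_resource');
  if (!isOwner && !isElevated) {
    // Some APIs return 404 here instead, so a caller cannot confirm the id exists;
    // either way the other user's data is never returned.
    return { status: 403, error: 'forbidden' };
  }
  return { status: 200, body: record.body };
}

// Minimal dispatcher standing in for the web framework's router: extracts the UUID path
// parameter and hands it, together with the verified claims, to the handler above.
function handle(claims, path) {
  const m = /^\/resource\/([0-9a-f-]{36})$/.exec(path);
  if (!m) return { status: 404, error: 'not_found' };
  return getResource(claims, { id: m[1] });
}

module.exports = { hasPermission, getResource, handle };
```
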