I have seen Kim Maida’s posts on RBAC and Authorization extension. Wanted to know if Auth0 is considering the use case of resource filtering.
Specifically, let’s say a group of users has role
Device Operator, but only for devices with classification of
xyz. In this case, I would like to store an opaque “filter string” with the assignment which is made available at the time of authorization (in a rule context or token).
Then the resource service can use this filter to further restrict which devices, a user in that group will be allowed to access.