Hi there @mathias.mahlknecht welcome to the community!
That’s correct, Auth0 does not currently support sub-organizations. Typically, what I have seen implemented is a tenant per customer + Organizations or simply an Organization per what would be “nested” Organization where each of these has their own database assigned.
The following thread has some good information regarding a user switching Organizations:
Here is an FAQ regarding adding roles to tokens:
https://community.auth0.com/t/how-to-add-roles-and-permissions-to-the-id-token-using-actions/84506
Regarding:
Are you able to elaborate on what you mean here? No roles will exist at /api/v2/users/{id} but rather /api/v2/users/{id}/roles for top level roles and /api/v2/organizations/{id}/members/{user_id}/roles for Organization specific roles.
I did also find an existing Feedback request for sub-organizations:
Hope this helps!