Hello,
We’re currently investigating using Auth0 for authentication and authorization within our B2B SaaS.
Our current sticking point is trying to figure out how to implement the following type of RBAC within Auth0:
- Roles and permissions at an organisational level, i.e. super admin with full access rights, a role in which you can create a project
- Roles within a specific project, distinct to organisational level roles, i.e. a role where someone can add tasks to a specific project and not all projects.
Any ideas how something like this can be implemented with Auth0?
Hi @duncan.bain,
Welcome to the Auth0 Community!
I understand that you would like to implement RBAC in the context of an Organization.
Yes, this is possible! I have outlined a couple of steps to follow to configure RBAC in the context of an Organization:
- First, you will need to configure RBAC: Configure Core Authorization Features for Role-Based Access Control
- On step 4, you will need to assign users to Roles in the context of an Organization: Add Roles to Organization Members
Take note that there is a difference between assigning roles to users globally versus in the context of an Organization. I recommend reading this FAQ for more information.
Please let me know if you have any further questions or need clarification on the implementation.
Thanks,
Rueben
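
One way an API behind Auth0 could enforce both tiers from the question, as an added example that is not part of the original thread or Auth0's own code. It assumes the access token has already been verified and carries Auth0's `org_id` and `permissions` claims; the `PROJECT_ROLES` table, the permission names and the sample claims are hypothetical, application-side constructs.

```python
# Added example: API-side check for org-level and project-level access.
# Assumption: `claims` is the payload of an access token whose signature,
# issuer, audience and expiry were already validated elsewhere.

# Hypothetical application-side store of project-scoped roles (constructed data):
# (org_id, project_id, user_id) -> role name.
PROJECT_ROLES = {
    ("org_A", "proj_1", "auth0|alice"): "task_editor",
}
# Hypothetical mapping from project role to the actions it grants.
PROJECT_ROLE_ACTIONS = {"task_editor": {"add:tasks"}}

# Constructed sample token payloads.
ADMIN_CLAIMS = {"sub": "auth0|bob", "org_id": "org_A",
                "permissions": ["create:projects", "add:tasks"]}
ALICE_CLAIMS = {"sub": "auth0|alice", "org_id": "org_A", "permissions": []}


def is_allowed(claims, action, resource_org, project_id=None):
    """Return True if the caller may perform `action` on the resource."""
    # Tenant isolation first: a token issued in the context of one
    # organization must never act on another organization's resources,
    # and a token without an organization context is rejected outright.
    if not claims.get("org_id") or claims["org_id"] != resource_org:
        return False
    # Org-level grant: the permission is carried in the token itself.
    if action in claims.get("permissions", []):
        return True
    # Project-level grant: valid only for the one project it was assigned on.
    if project_id is None:
        return False
    role = PROJECT_ROLES.get((resource_org, project_id, claims.get("sub")))
    return action in PROJECT_ROLE_ACTIONS.get(role, set())


if __name__ == "__main__":
    print(is_allowed(ADMIN_CLAIMS, "create:projects", "org_A"))      # org-level role
    print(is_allowed(ALICE_CLAIMS, "add:tasks", "org_A", "proj_1"))  # project role
    print(is_allowed(ALICE_CLAIMS, "add:tasks", "org_A", "proj_2"))  # other project
```

The check denies by default: a missing `org_id`, an organization mismatch, or an unknown project role all return `False`.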