Update on Authorization Core RBAC roadmap

Hi, could we get any update on when the features of Authorization Core RBAC marked as ‘In future release’ in https://auth0.com/docs/authorization/authorization-core-vs-authorization-extension are expected to be shiped?


Hey there Tom!

Which one are you particularly interested in? I’ll follow up on that with our product team and will let you know!

Ping ping friendly ping :slight_smile:

Hi Conrad, thanks for the friendly ping! :slight_smile:

so the initial need is to be able to have all RBAC functionality being ‘stored’ in Auth0. That said - the more flexibility, the better. There is no groups support in Authorization Core as of new. I think that is the biggest milestone, isn’t it? So why not start there? :slight_smile: I believe this is the complex one, but this is the final model and having added this things should be heading towards the initial ‘complete’ status :slight_smile: Maybe, not sure.

As for the current status. Had my website’s CMS - opened it to look how they implemented RBAC and thought would it be possible to replicate this with current Authorization Core functionality.

Ok, so no groups. Check. In the middle picture - general permissions. Seems that Check. On the right side - per-item based permissions - ghm, do you think that’s currently doable?

And lastly - it’s been couple of months since I last played with Auth0 RBAC, but plan to do that soon on one of my projects. If I may ask, the current RBAC flow is as follows:
a) user send the token on login;
b) use management api to get RBAC settings;
c) cache response in memcache VS sync the RBAC settings to local database;
d) set the cache to token duration and invalidate if permissions were changed in auth0 interface or someone played with RBAC settings in user-facing app.

And one more specific question - in step c), which is the recommended/most used approach - caching response from auth0 or storing data to db?

These are my several thoughs and questions on the topic :slight_smile: Thank you so much for getting back, and once again - for the ping! :slight_smile:

Kindest regards,

Hey Konrad,

this time i’m sending a friendly ping! :slight_smile:

Kindest greetings,