User permissions on custom resources

danny4 · February 8, 2022, 7:34pm

We are building an application that is going to create many custom resources. We want to assign users with edit, view, and ownership permissions on those resources. What is the best way to do this in Auth0?

Because Auth0 limits the number of permissions a user has to 1,000, I am thinking that I’d run up against that limit for power users.

danny4 · February 9, 2022, 10:11pm

@dan.woda @konrad.sopala @rueben.tiow first post isn’t getting any love. Can you help?

rueben.tiow · February 9, 2022, 11:42pm

Hi @danny4,

Welcome to the Auth0 Community!

In this scenario, I recommend using Role-Based Access Control (RBAC) with the Authorization Core. With this approach, you will need to create an API that defines these permissions. Then assign the permissions to the users to grant them access to specific resources.

In cases where many users share similar permissions, you could assign them a Role that defines those sets of permissions.

By doing so, your users will have access to specific resources depending on their roles or permissions after logging into your app.

Please let me know if you have any further questions.

Thank you.

danny4 · February 10, 2022, 2:58am

Hey @rueben.tiow -

Appreciate the warm welcome! We’re still having a bit of trouble understanding how to use Auth0 for our use case.

There are N users
There are M documents (M is large)
Users can create documents and share documents with others (think Google Docs). If a user does have access to a document, the user can have OWNER, VIEW, or EDIT permissions.

How would you model this in Auth0? Based on this, it seems this may not be possible in Auth0?

srkin439 · February 10, 2022, 7:26am

Thanks for sharing this information. It was useful.

rueben.tiow · February 10, 2022, 11:35pm

Hi @danny4,

Thank you for your response and for sharing your use case.

Unfortunately, it’s not possible to assign permissions to users per resource basis. Moreover, the Community topic you shared confirms that this feature is unsupported in our current stack.

In the topic, the purposed workaround solution #2 is a valid approach but is limited to 1000 assigned user permissions as stated in our Entity Limit Policy. Therefore, although it is possible to hack around it, it’s not a scalable or maintainable approach.

With that said, I recommend upvoting on the Role assignments with a resource filter feedback request asking support for role assignments with a resource filter.

Doing so will increase the votes leading to a higher implementation priority.

Please let me know if there’s anything else I can do to help.

Thank you.

system · February 25, 2022, 11:36pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.