Hi @danny4,
Welcome to the Auth0 Community!
In this scenario, I recommend using Role-Based Access Control (RBAC) with the Authorization Core. With this approach, you will need to create an API that defines these permissions. Then assign the permissions to the users to grant them access to specific resources.
In cases where many users share similar permissions, you could assign them a Role that defines those sets of permissions.
By doing so, your users will have access to specific resources depending on their roles or permissions after logging into your app.
Please let me know if you have any further questions.
Thank you.