This may be covered in some of the quickstarts, but I’m not an auth guy, so I may just not understand what is what. I want to create a few roles that have specific privileges in my app. For example… we have a blog feature. I want to create a role called “ContentCreator”. In the React application I have a “New Blog” button that I want to only render if the person logged in has the role “ContentCreator”. Likewise… I’d like to create an “Admin” role that can delete objects in the app for housekeeping. For example… normally only if the owner of the blog matches the user, would we render a “Delete Blog” button. But, if the signed in user has the “Admin” role, they should also be able to see the “Delete Blog” button.
Make sense?
So… is this something I would/could do with Auth0 Roles? Or do I need to set this up as user attributes in my database? If in Auth0… how?
Hi @dan.woda - Thanks for the reply. I read that post. The part I’m confused about is it talks about enabling “Enable RBAC for API”, but I don’t want to use this in an API… I want to use it in my core application (my React app).
You can still use roles in your React app, even though they are intended to be associated with permissions. This can help you render the correct UI elements like you mentioned.
How are you going to restrict a user from being able to create/edit/delete a blog? Are you checking the tokens in your backend?
Yes… both on the front end and back end. I have set up an Auth0 API for my Dgraph/GraphQL server as well as my URL signer API (a separate REST API that just creates short-lived signed URLs for a secure object store). I just want to conditionally render some objects in my front end based on role.
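The pattern discussed in this thread, as an added example that is not code from any of the posters or from Auth0: one role policy decides which buttons the front end renders, and the same policy is applied again on the back end to claims from a verified token. The claim name `https://example.com/roles`, the `ownerId` field and the helper names are assumptions; the roles only appear in the token if the tenant is configured to add them as a custom claim.

```javascript
// Added example: one role policy used for both UI rendering and backend checks.
// ROLES_CLAIM is an assumed claim name; the tenant must be configured to put the
// user's roles into the token under a namespaced custom claim like this one.
const ROLES_CLAIM = "https://example.com/roles";

// Roles from decoded token claims; a missing or malformed claim yields no roles.
function rolesFrom(claims) {
  const raw = claims && claims[ROLES_CLAIM];
  return Array.isArray(raw) ? raw.filter((r) => typeof r === "string") : [];
}

function hasRole(claims, role) {
  return rolesFrom(claims).includes(role);
}

// "New Blog": ContentCreator only.
function canCreateBlog(claims) {
  return hasRole(claims, "ContentCreator");
}

// "Delete Blog": the blog's owner, or any Admin. `ownerId` is a hypothetical field.
function canDeleteBlog(claims, blog) {
  if (!claims || typeof claims.sub !== "string" || !blog) return false;
  return blog.ownerId === claims.sub || hasRole(claims, "Admin");
}

// Front end: decide which buttons to render, e.g. {ui.newBlog && <NewBlogButton />}.
function visibleButtons(claims, blog) {
  return { newBlog: canCreateBlog(claims), deleteBlog: canDeleteBlog(claims, blog) };
}

// Back end: same policy, but only on claims from a token whose signature, issuer,
// audience and expiry were already verified. Hiding a button is not enforcement.
function authorizeDelete(verifiedClaims, blog) {
  return canDeleteBlog(verifiedClaims, blog) ? 204 : 403;
}

// Constructed sample data.
const blog = { id: "b1", ownerId: "auth0|alice" };
const alice = { sub: "auth0|alice", [ROLES_CLAIM]: ["ContentCreator"] };
const bob = { sub: "auth0|bob", [ROLES_CLAIM]: [] };
const admin = { sub: "auth0|carol", [ROLES_CLAIM]: ["Admin"] };
const malformed = { sub: "auth0|dave", [ROLES_CLAIM]: "Admin" }; // not an array

for (const [name, c] of Object.entries({ alice, bob, admin, malformed })) {
  console.log(name, visibleButtons(c, blog), authorizeDelete(c, blog));
}
```

In the React app the `claims` argument would be the signed-in user's profile object from the Auth0 SDK; on the server it would be the payload of the access token after verification.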