It’s not clear from the documentation when Core RBAC is applied - is it before Rules, or after Rules? Which Action triggers fire before RBAC is applied to the requested scopes?
And the real point I’m getting at is: will Role assignment changes performed in Rules or Actions affect the RBAC outcome of the current pipeline?
Welcome to the Auth0 Community!
Yes, using Rules or Actions to make Role assignment changes will affect the RBAC of your current pipeline.
So, in a scenario where a user’s role changed to one with more permissions using an Action, then the user will be treated as the updated role.
Please let me know if there’s anything else I can do to help.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.