Where in the pipeline is Core RBAC performed?

It’s not clear from the documentation when Core RBAC is applied - is it before Rules, or after Rules? Which Action triggers fire before RBAC is applied to the requested scopes?

And the real point I’m getting at is: will Role assignment changes performed in Rules or Actions affect the RBAC outcome of the current pipeline?

Hi @bschreiber,

Welcome to the Auth0 Community!

Yes, using Rules or Actions to make Role assignment changes will affect the RBAC of your current pipeline.

So, in a scenario where a user’s role changed to one with more permissions using an Action, then the user will be treated as the updated role.

Please let me know if there’s anything else I can do to help.

Thank you.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.