It’s not clear from the documentation when Core RBAC is applied - is it before Rules, or after Rules? Which Action triggers fire before RBAC is applied to the requested scopes?
And the real point I’m getting at is: will Role assignment changes performed in Rules or Actions affect the RBAC outcome of the current pipeline?
Hi @bschreiber,
Welcome to the Auth0 Community!
Yes, using Rules or Actions to make Role assignment changes will affect the RBAC of your current pipeline.
So, in a scenario where a user’s role changed to one with more permissions using an Action, then the user will be treated as the updated role.
Please let me know if there’s anything else I can do to help.
Thank you.