Prerequisites
- For role-based access control (RBAC) to work properly, you must enable it for your API using either the Dashboard or the Management API. The Authorization Core functionality is different from the Authorization Extension. For a comparison, read Authorization Core vs. Authorization Extension.
- Roles are selected from pre-defined values. If your list of roles is blank, you need to create a role.
- Set up an API in the Auth0 Dashboard.
- Permissions are selected from predefined values. If your list of permissions is blank, you need to add permissions to your API.
Dashboard
- Go to Dashboard > User Management > Roles and click the name of the role to view.
- Click the Permissions tab, then click Add Permissions.
- Select the API from which you want to assign permissions, then select the permissions to add to the role, and click Add Permissions.
Management API
Make aPOST call to the Add Role Permissions endpoint. Be sure to replace ROLE_ID, MGMT_API_ACCESS_TOKEN, API_IDENTIFIER, and PERMISSION_NAME placeholder values with your role ID, Management API , API identifier (), and permission name(s), respectively.
| Value | Description |
|---|---|
ROLE_ID | Τhe ID of the role for which you want to add permissions. |
MGMT_API_ACCESS_TOKEN | Access Token for the Management API with the scope update:roles. |
API_IDENTIFIER | This is the identifier of the API associated with the permission(s) you would like to add for the specified role, otherwise known as the audience. This is not the API ID. |
PERMISSION_NAME | Name(s) of the permission(s) you would like to add for the specified role. |