Roles and Permissions
The first step to add authorization to your application is to add authentication. Once you guarantee that only authenticated users can access it, you should have more control over who can access what.
In an organization, a role defines what a user can or can't do. Roles are often used to reflect the organizational structure, departments, etc. In relatively small authorization systems, using roles is a fast way to manage access control of resources.
A permission is a declaration of an action that can be executed on a resource.
In Auth0, a role is a collection of permissions that you can apply to users, which can facilitate how you add, remove, and manage permissions because you handle them as a group rather than assigning them to users individually. For example, you could have a role author, and as permissions, you could have create:article, edit:article, and so on.
Creating and Assigning Roles with Auth0
For this blog post you'll need an Auth0 account and a registered API with Auth0, if you don't have one, you can sign up for free.
Get an Auth0 Account for free.
Get started →
Create a Role on Auth0
From the Auth0 Dashboard, click on User Management on the sidebar, then Roles. Click the + Create Role button to create a new role. Let's say we want a default role for users, so you can name it default_role and add a meaningful description, then click on Create.
create a login flow in the admin dashboard
add a custom flow
Top comments (0)