Auth0 FGA's dashboard now supports Per-Member Authorization, introducing a role-based access control system for enterprise teams. The feature adds four roles: Account Owner, Group Manager, Store Editor, and Store Viewer. Groups allow bulk permission assignment, and store-level scoping lets teams have different access levels across staging and production stores. Notably, the feature was built using Auth0 FGA itself, demonstrating Relationship-Based Access Control (ReBAC) with relationship tuples and an authorization model. The post also walks through a simplified version of the underlying FGA authorization model and explains how group membership chains enable permission inheritance.
Table of contents
The "Super Admin" ProblemWhat Is Auth0 FGA?Building an FGA Feature with FGAMembers, Groups, and ScopingThe New RolesLooking at the Authorization ModelBuilding More RolesUsing Roles in Auth0 FGASort: