For role-based access control (RBAC) to work properly, you must enable it for your API using either the Dashboard or the Management API. The Authorization Core functionality is different from the Authorization Extension. See Authorization Core vs. Authorization Extension for a comparison.
We provide various functions to help you manage your roles, which you can access through either the Auth0 Dashboard or the Auth0 Management API: