For role-based access control (RBAC) to work properly, you must enable it for your API using either the Dashboard or the Management API. The Authorization Core functionality is different from the Authorization Extension. For a comparison, read Authorization Core vs. Authorization Extension.
We provide various functions to help you manage your roles, which you can access through either the Auth0 Dashboard or the Auth0 Management API: