function (user, context, callback) {
  // Auth0 rule: for one specific application (matched by client ID), copy the
  // roles found on context.authorization into a namespaced ID-token claim.
  // Tokens issued to any other client are passed through without the claim.
  console.log("executing rule ");

  const isTargetClient = context.clientID === 'ULw7vqL2WK41DIwc2r4QxP78bISpQ2pN';
  if (isTargetClient) {
    console.log("Adding claim rule ");
    // context.authorization may be absent; `roles` is then undefined and the
    // claim object carries no role list.
    const { roles } = context.authorization || {};
    context.idToken['https://example.com/auth0-delegated-admin'] = { roles };
  }

  // NOTE(review): this statement sits outside the client check, so it runs on
  // every execution of the rule and writes the ID-token claims (including the
  // roles added above) to the rule's log output. Consider removing it, or
  // logging only non-sensitive fields, once debugging is finished.
  console.log(context.idToken);

  // Hand the (possibly modified) user and context back to the pipeline.
  callback(null, user, context);
}
Created
August 24, 2021 11:07
Access Hook
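function(ctx, callback) {
  // Access hook: decides whether the current (requesting) user may act on the
  // target user in ctx.payload.user. Calling callback() with no argument
  // allows the action; calling it with an Error denies it.
  //
  // The decision relies on the `Department` field in app_metadata for both
  // users, so it is only as trustworthy as whoever is able to write that field.

  // Deleting users is refused for everyone, including the IT department,
  // because this check runs before any department logic.
  if (ctx.payload.action === 'delete:user') {
    return callback(new Error('You are not allowed to delete users.'));
  }

  // Get the department from the current user's metadata.
  var department = ctx.request.user.app_metadata && ctx.request.user.app_metadata.Department;
  if (!department || !department.length) {
    return callback(new Error('The current user is not part of any department.'));
  }

  // The IT department can access all users.
  if (department === 'IT') {
    return callback();
  }

  // Read the target user's department defensively. A target user without
  // app_metadata previously caused a TypeError here instead of a clean denial;
  // a missing value now falls through to the explicit "deny" branch below.
  var targetUser = ctx.payload.user;
  var targetMetadata = targetUser && targetUser.app_metadata;
  var targetDepartment = targetMetadata && targetMetadata.Department;

  ctx.log('Verifying access:', targetDepartment, department);

  // Fail closed: no department on the target, or a different one, means no access.
  if (!targetDepartment || targetDepartment !== department) {
    return callback(new Error('You can only access users within your own department.'));
  }

  return callback();
}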
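In each user's app_metadata, set the following field for the department. The hook reads the key `Department` and compares values with `===`, so the key and the value must match exactly, including case:
"Department": "Information Management"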
Filter Hook