> ## Documentation Index
> Fetch the complete documentation index at: https://auth0-actions-triggers-prototype.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Understand the concept of authorization policies and how they apply in Auth0.

# Authorization Policies

Behind the scenes, role-based authorization uses a pre-configured authorization policy, which contains conditions that allow code to evaluate whether a user should be permitted to access a protected API.

The authorization policy determines:

* how to define and organize the users or roles that are affected by the policy
* what logic and conditions apply to the policy and whether their outcome permits or denies access

When using Auth0's core authorization and [role-based access control (RBAC)](/docs/manage-users/access-control/rbac), the policy includes evaluating the roles and permissions assigned to users. To use these features, you must [enable role-based access control for APIs](/docs/get-started/apis/enable-role-based-access-control-for-apis).

You can further customize the authorization policy by using [rules](/docs/customize/rules). To learn more, read [Rules for Authorization Policies](/docs/manage-users/access-control/rules-for-authorization-policies).