A few clarification questions on roles: I have a role “authenticatedOnly” and it has a relation (via dashboard) to another role “verifiedUser”, (1) this make “verifiedUser” the child of “authenticatedOnly”, is that correct? (2) If so, “verifiedUser” gets same permissions as “authenticatedOnly” has, but not vice-versa, correct? For example, ClassA has CLP giving R/W permissions to “authenticatedOnly”, then users with role “verifiedUser” would have R/W permissions on ClassA, but ClassB has CLP giving R/W permissions to “verifiedUser” only, then users with role “authenticatedOnly” would have no permissions. Is this correct?
(3) A bit of an extension to this, for direct signup via email and password, what is the suggested way to catch that a user has verified their email address? Is there a Cloud trigger, or should the client app ask the server to check for update?