Hi, we have an in-house application where the users (and groups) are already managed by Okta.
We would like to add permissions that will be managed in Okta by the applications’ admins.
I’m wondering about the best approach for this.
What I’ve tried so far is creating custom attributes for the application, with group permissions, user permissions, and an override checkbox (user permissions are only applied if the override checkbox is checked). This is since an attribute can be only for groups or only for users:

Then I went to “Authorization Servers” and added a custom claim for each of the above which is always included in the token.
I have several issues:
- Is this the best approach?
- In order for this to only be part of the token once the user logs in to my specific app, I probably need to add a custom scope. Is there a way to configure this claim to be included only for a specific app?
Thanks
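
The override rule described in the post above, seen from the application side, as an added example that is not part of the original post: it resolves the permissions to enforce from the claims of an access token whose signature, issuer and audience have already been verified, and fails closed on missing or malformed claims. Assumptions: the three claim names and the `app:permissions` scope are hypothetical, the granted scopes arrive in the `scp` claim, and a checked override means the user permissions replace the group permissions.

```python
# Added example. Claim and scope names are hypothetical, not Okta defaults.
GROUP_CLAIM = "app_group_permissions"
USER_CLAIM = "app_user_permissions"
OVERRIDE_CLAIM = "app_permissions_override"
REQUIRED_SCOPE = "app:permissions"


def _as_permission_set(value):
    """Normalize a claim (list of strings, or one delimited string) to a set."""
    if isinstance(value, str):
        value = value.replace(",", " ").split()
    if not isinstance(value, (list, tuple)):
        return frozenset()  # missing or malformed claim grants nothing
    if not all(isinstance(p, str) for p in value):
        return frozenset()
    return frozenset(p.strip() for p in value if p.strip())


def _override_checked(value):
    """Only boolean True or the string 'true' counts as a checked box."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def effective_permissions(claims):
    """Return the permissions the app should enforce for verified claims."""
    scopes = claims.get("scp", [])
    if isinstance(scopes, str):
        scopes = scopes.split()
    # Token was not issued with this app's scope: ignore permission claims.
    if not isinstance(scopes, list) or REQUIRED_SCOPE not in scopes:
        return frozenset()
    if _override_checked(claims.get(OVERRIDE_CLAIM)):
        return _as_permission_set(claims.get(USER_CLAIM))
    return _as_permission_set(claims.get(GROUP_CLAIM))


# Constructed sample payloads (not real tokens).
SAMPLE_GROUP_ONLY = {
    "scp": ["openid", "app:permissions"],
    "app_group_permissions": ["reports:read", "reports:export"],
    "app_user_permissions": ["admin:write"],
    "app_permissions_override": False,
}
SAMPLE_OVERRIDE = dict(SAMPLE_GROUP_ONLY, app_permissions_override=True)
SAMPLE_OTHER_APP = dict(SAMPLE_GROUP_ONLY, scp=["openid"])
```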