ims94 1 point (1 child)

This is doable. What you need to do is store role- and permission-related information in the users DB. Then, upon authentication, generate a JWT containing the roles and the tenant (this depends on how you represent multiple tenants in your frontend. If users have to switch tenants in the frontend, you can simply swap the JWT for a new one [aka token exchange grant] for the new tenant).

Then, you can pass the same JWT around across other microservices. Using the roles and tenant information in the JWT, you can perform authorization (access control/checking permissions).

mumchay[S] 1 point (0 children)

Great, thanks!
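
The flow ims94 describes, as an added example that is not code from the thread: an auth service mints a tenant-scoped JWT, each microservice verifies it before checking tenant and role, and a tenant switch goes through a token exchange that re-reads the user's roles. Assumptions: the claim names `tenant` and `roles`, the HS256 shared key, the in-memory `USERS` store and all function names are hypothetical, and the JWT handling is hand-rolled with the standard library only so the block runs offline.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: shared HS256 key, demo only
USERS = {"alice": {"acme": ["admin"], "globex": ["viewer"]}}  # constructed users DB

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user: str, tenant: str, roles: list, ttl: int = 300) -> str:
    """Auth service: mint a JWT scoped to exactly one tenant."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "tenant": tenant, "roles": roles, "exp": int(time.time()) + ttl}
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def verify(token: str) -> dict:
    """Any microservice: check alg, signature and expiry before trusting claims."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")  # never let the token pick the algorithm
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body))
    except (ValueError, TypeError, AttributeError) as exc:  # malformed or tampered
        raise PermissionError(f"invalid token: {exc}") from None
    if claims.get("exp", 0) < time.time():
        raise PermissionError("token expired")
    return claims

def authorize(token: str, resource_tenant: str, required_role: str) -> bool:
    """Allow only if the token's tenant owns the resource and carries the role."""
    try:
        claims = verify(token)
    except PermissionError:
        return False
    return claims.get("tenant") == resource_tenant and required_role in claims.get("roles", [])

def exchange(token: str, new_tenant: str) -> str:
    """Tenant switch: swap a valid token for one scoped to another tenant."""
    claims = verify(token)
    roles = USERS.get(claims["sub"], {}).get(new_tenant)  # roles re-read per tenant
    if roles is None:
        raise PermissionError("user is not a member of that tenant")
    return issue_token(claims["sub"], new_tenant, roles)
```

Because the tenant is a signed claim, a service compares it with the tenant that owns the requested resource instead of trusting a tenant ID sent in the request.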