A POST /environments/{environmentId}/resources/{resourceId}/scopes operation that includes the schemaAttributes property creates a new PingOne API access control scope. The request URL specifies the new scope’s name by adding a suffix to one of the platform scopes that support access control. At this time, the following platform self scopes support access control:
p1:read:user
p1:update:user
The schemaAttributes array lists the user schema attributes that the end user has permission to read or update. If a user attribute is not listed, end users cannot see or update its value.
The request body must specify a value for the scope’s name property. The name value includes the name of the platform scope and a descriptive suffix separated by a colon. For example, an access control scope that allows end users to update their email address only could be named p1:update:user:email-only.
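The following added example (not PingOne's own code) builds and checks the request body for such a scope before it is sent, and models which attributes an end user would see under it. The function names, the rejection of an empty schemaAttributes list, and the sample IDs and user record are assumptions made for illustration.

```python
import json

# Platform self scopes that support access control, as listed on this page.
ACCESS_CONTROL_BASE_SCOPES = ("p1:read:user", "p1:update:user")


def build_scope_request(environment_id, resource_id, name, schema_attributes):
    """Return (path, json_body) for the POST, or raise ValueError.

    Hypothetical helper: it only validates and serializes, it sends nothing.
    """
    # The name must be "<platform scope>:<descriptive suffix>".
    base = next(
        (b for b in ACCESS_CONTROL_BASE_SCOPES if name.startswith(b + ":")),
        None,
    )
    if base is None:
        raise ValueError(
            "name must be a supported platform scope followed by ':' and a suffix"
        )
    if not name[len(base) + 1:]:
        raise ValueError("descriptive suffix after the platform scope is empty")

    # Assumption (local policy, not stated by the API): require an explicit,
    # non-empty attribute list so every grant is deliberate and reviewable.
    if not isinstance(schema_attributes, list) or not schema_attributes:
        raise ValueError("schemaAttributes must be a non-empty list")
    if any(not isinstance(a, str) or not a for a in schema_attributes):
        raise ValueError("schemaAttributes entries must be non-empty strings")
    if len(set(schema_attributes)) != len(schema_attributes):
        raise ValueError("schemaAttributes contains duplicates")

    path = f"/environments/{environment_id}/resources/{resource_id}/scopes"
    body = json.dumps({"name": name, "schemaAttributes": schema_attributes})
    return path, body


def visible_attributes(user_record, schema_attributes):
    """Local model of the rule above: unlisted attributes are not exposed."""
    allowed = set(schema_attributes)
    return {k: v for k, v in user_record.items() if k in allowed}


if __name__ == "__main__":
    # Constructed sample values; the IDs are placeholders.
    path, body = build_scope_request(
        "ENVIRONMENT_ID", "RESOURCE_ID", "p1:update:user:email-only", ["email"]
    )
    print("POST", path)
    print(body)
    sample_user = {"email": "user@example.com", "mobilePhone": "+1 555 0100"}
    print(visible_attributes(sample_user, ["email"]))
```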