
Resource OAuth2 Scope

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

An access token granted a Resource OAuth2 Scope may be presented at a SCIM endpoint to perform operations on SCIM resources. Each Resource OAuth2 Scope is specific to a single SCIM Resource or Sub-Resource Type, describes the operations that can be performed against resources of the specified type, and defines the resource attributes on which those operations may be performed.

Parent Component

The Resource OAuth2 Scope component inherits from the OAuth2 Scope.

Relations from This Component

The following components have a direct aggregation relation from Resource OAuth2 Scopes:

Properties

The properties supported by this managed object are as follows:


Basic Properties: token-name, description, tag, scim-resource-type, resource-operation, resource-attribute
Advanced Properties: None

Basic Properties

token-name (Read-Only)

Description
An OAuth 2.0 access token scope compliant with RFC 6749. The following characters are not permitted: space, '"', '\', '+' and ','.
Default Value
None
Allowed Values
An OAuth 2.0 access token scope compliant with RFC 6749. The following characters are not permitted: space, '"', '\', '+' and ','.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

description

Description
A description for this OAuth2 Scope
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

tag

Description
Tags associated with this OAuth2 Scope. Tags are arbitrary additional properties that may be examined by XACML policies.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

scim-resource-type

Description
The resource type that may be accessed by this Resource OAuth2 Scope.
Default Value
None
Allowed Values
The DN of any SCIM Resource Type. The associated resource type must exist.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

resource-operation

Description
The operations allowed by this Resource OAuth2 Scope on the specified resource or sub-resource attributes.
Default Value
None
Allowed Values
retrieve - Indicates that this scope may be used to retrieve attributes from a resource.

modify - Indicates that this scope may be used to modify resource attributes. This corresponds to a SCIM PATCH or PUT operation.

create - Indicates that this scope may be used to create a new instance of a resource.

delete - Indicates that this scope may be used to delete resource instances.

search - Indicates that this scope may be used to search for resources using a SCIM filter.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

resource-attribute

Description
The resource or sub-resource attributes for which this Resource OAuth2 Scope allows access. The type of access is determined by the resource-operation property. A value of "*" indicates that all attributes are accessible. Retrieval of the common attributes schemas, id, and meta is always allowed if the resource-operation includes the retrieve operation.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured OAuth2 Scopes:

dsconfig list-oauth2-scopes
     [--property {propertyName}] ...

To view the configuration for an existing OAuth2 Scope:

dsconfig get-oauth2-scope-prop
     --scope-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing OAuth2 Scope:

dsconfig set-oauth2-scope-prop
     --scope-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Resource OAuth2 Scope:

dsconfig create-oauth2-scope
     --scope-name {name}
     --set scim-resource-type:{propertyValue}
     --set resource-operation:{propertyValue}
     --set resource-attribute:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing OAuth2 Scope:

dsconfig delete-oauth2-scope
     --scope-name {name}
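
The following pre-flight check for a new Resource OAuth2 Scope is an added example, not part of the product documentation. It applies the token-name character rule and the resource-operation values listed above, then prints (without running) the create-oauth2-scope command. The function names, the sample scope name, resource type and attributes are constructed; the rule that write operations may not use the "*" attribute wildcard is an assumed local policy, and the example assumes the --scope-name value is what becomes token-name.

```shell
#!/bin/sh
# Added example, not vendor code. Builds (does not run) a dsconfig command.
# Usage: build_scope_cmd NAME RESOURCE_TYPE "op ..." "attr ..."
# Returns 1 on invalid input, 2 when the grant breaks the local policy below.
# Values are printed single-quoted; a value containing "'" needs extra escaping.

valid_scope_name() {
    # Page rule for token-name: no space, '"', '\', '+' or ','.
    case "$1" in
        ''|*' '*|*'"'*|*'\'*|*'+'*|*','*) return 1 ;;
    esac
    return 0
}

build_scope_cmd() {
    name=$1 rtype=$2 ops=$3 attrs=$4 writes=no wildcard=no
    valid_scope_name "$name" || { echo "invalid scope name: $name" >&2; return 1; }
    if [ -z "$rtype" ] || [ -z "$ops" ] || [ -z "$attrs" ]; then
        echo "scim-resource-type, resource-operation and resource-attribute are required" >&2
        return 1
    fi
    cmd="dsconfig create-oauth2-scope --scope-name '$name' --set 'scim-resource-type:$rtype'"
    set -f    # keep a literal "*" attribute from being glob-expanded
    for op in $ops; do
        case "$op" in
            retrieve|search) ;;
            modify|create|delete) writes=yes ;;
            *) set +f; echo "unknown resource-operation: $op" >&2; return 1 ;;
        esac
        cmd="$cmd --set resource-operation:$op"
    done
    for attr in $attrs; do
        case "$attr" in '*') wildcard=yes ;; esac
        cmd="$cmd --set 'resource-attribute:$attr'"
    done
    set +f
    # Assumed local policy (not a server rule): write operations must name
    # their attributes explicitly instead of using the "*" wildcard.
    if [ "$writes" = yes ] && [ "$wildcard" = yes ]; then
        echo "refusing: write operation combined with resource-attribute '*'" >&2
        return 2
    fi
    printf '%s\n' "$cmd"
}

# Constructed sample: a read-only scope limited to two attributes.
build_scope_cmd urn:example:email.read Users "retrieve search" "userName emails"
```

Multi-valued properties are emitted as one --set per value; connection arguments are omitted, as in the usage lines above.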