All docs
This doc
Scopes enable fine-grained access control to API resources based on user roles. You define scopes to an API's resources. When a user invokes the API, his/her OAuth 2 bearer token cannot grant access to any API resource beyond its associated scopes. For a detailed description and a sample real world scenario, please see the article An Overview of Scope Management with WSO2 API Manager.