This topic describes how to add OAuth scopes to an application in Resource Access Management (RAM). You can use OAuth scopes to grant the application permissions for Alibaba Cloud resources.
Add OAuth scopes
Log on to the RAM console with an Alibaba Cloud account.
In the left-side navigation pane, choose .
On the Enterprise Applications tab, find the application that you want to manage.
On the Application OAuth Scopes tab, click Add OAuth Scopes.
In the Add OAuth Scopes panel, select the scopes that you want to add.
NoteThe aliuid and profile scopes are related to ID tokens, and other scopes are related to access tokens.
Click OK.
Configure the required OAuth scopes
After you add OAuth scopes, you can select and clear the required OAuth scopes in the OAuth scope list. For more information, see Add OAuth scope. If Set to Required is selected for an OAuth scope, the required OAuth scope is automatically selected and cannot be canceled when a user grants permissions on the application.
Set to Required
In the OAuth scope list, click Set to Required in the Actions column.
In the message that appears, read the description and click OK.
ImportantMake sure that the current application requires the permissions. The application must ensure data security and meet regulatory and compliance requirements to use the data and permissions.
Cancel Required
In the OAuth scope list, click Cancel Required in the Actions column.
In the message that appears, click OK.