# Scope

Scope is a parameter defined in the OAuth 2.0 standard (RFC 6749) that lets a client specify the scope of an access request. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings, although some implementations use a comma-delimited format. Scopes limit access for OAuth 2.0 tokens and do not grant any additional permission beyond that which the client already has.

Scopes apply to applications only. They play a crucial part in defining the ultimate access to a resource by a User:

User’s Roles / Permissions + Claims + Application Scopes

### Naming Conventions <a href="#conventions" id="conventions"></a>

Turium Enigma services follow these standard naming conventions for scopes.

```
Template: {resource}.{optional subresource}.{action}
Examples: mileage.rate.read
          receipts.read
```

### List of v4 Actions <a href="#actions" id="actions"></a>

`{action}` values are common authorizations across resources.

<table data-full-width="false"><thead><tr><th>Action</th><th>Description</th><th>Examples</th></tr></thead><tbody><tr><td><code>read</code></td><td>Read only access (GET)</td><td><code>receipts.read</code>, <code>budgetitem.read</code></td></tr><tr><td><code>write</code></td><td>Read AND Write access (GET, POST, UPDATE etc)</td><td><code>company.write</code>, <code>travel.receipts.write</code></td></tr><tr><td><code>writeonly</code></td><td>Write only access</td><td><code>mileage.journey.writeonly</code>, <code>receipts.writeonly</code></td></tr><tr><td><code>delete</code></td><td>Delete access</td><td>N/A</td></tr></tbody></table>
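The sketch below is an added example, not Turium Enigma code: it parses a scope parameter against the naming template and the v4 action list, then checks a request against the granted scopes. The HTTP methods mapped to each action, the lowercase-only segment pattern and exact resource matching (a scope on `receipts` does not cover its subresources) are assumptions of this example.

```python
import re

# Actions come from the v4 table. The HTTP methods per action are an assumption
# of this example (the page names only GET, POST and "UPDATE etc").
ACTION_METHODS = {
    "read": {"GET"},
    "write": {"GET", "POST", "PUT", "PATCH"},
    "writeonly": {"POST", "PUT", "PATCH"},
    "delete": {"DELETE"},
}

# {resource}.{optional subresource}.{action}; lowercase-only segments assumed.
SCOPE_RE = re.compile(r"([a-z]+)(?:\.([a-z]+))?\.(read|write|writeonly|delete)")

# Constructed sample: valid scopes, a comma delimiter, a wrong-case scope and
# an action that is not in the v4 list.
SAMPLE = "mileage.rate.read receipts.writeonly,company.write Receipts.Read receipts.admin"


def parse_scopes(raw):
    """Return (granted, rejected) for a space- or comma-delimited scope string."""
    granted, rejected = set(), []
    for token in re.split(r"[ ,]+", raw.strip()):
        if not token:
            continue
        match = SCOPE_RE.fullmatch(token)  # case-sensitive: "Receipts.Read" fails
        if match:
            granted.add(match.groups())  # (resource, subresource or None, action)
        else:
            rejected.append(token)  # unknown scopes are reported, never normalised
    return granted, rejected


def is_allowed(granted, resource, subresource, method):
    """True only if a scope names this exact resource path and permits the method."""
    return any(
        res == resource and sub == subresource
        and method.upper() in ACTION_METHODS[action]
        for res, sub, action in granted
    )


if __name__ == "__main__":
    granted, rejected = parse_scopes(SAMPLE)
    print("rejected:", rejected)
    print("GET mileage/rate:", is_allowed(granted, "mileage", "rate", "GET"))
    print("GET receipts:", is_allowed(granted, "receipts", None, "GET"))
```

Rejecting tokens that do not match the template, rather than lowercasing or trimming them into shape, keeps the check fail-closed when a client sends a scope the service does not define.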
