I'm setting up WSO2 APIM with WSO2 IS as key manager. I would like only users with a certain role to be able to get a scope on IS.

For example, if I have a role X and the user USER has the role X, only this user must be able to obtain the relative scope, which will then be used by APIM to access the resource. Is it possible?

user5919369

1 Answer

Yes, this is possible.

As the first step, you need to create different roles/groups in the user store using the Carbon console.

Next, you need to do the role-user mapping using the Carbon console.

Next, you need to create a new Global Scope using the Publisher portal and associate it with the role/group.

As the final step, you need to associate your newly created Scope with whatever resources you need to protect with this scope.

For more information - https://apim.docs.wso2.com/en/latest/design/api-security/oauth2/oauth2-scopes/fine-grained-access-control-with-oauth-scopes/

Joy Rathnayake
  • Could you be more specific? I didn't understand well, consider that the key is generated by IS, so I guess the role must be created on IS too – user5919369 Mar 07 '23 at 17:27
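
The outcome the four steps in the answer are meant to produce, as an added example that is not part of the original answer and is not WSO2 code: a small Python model of a role-bound scope check, plus a helper that compares the `scope` field of a token response with what was requested. The scope name `resource_read`, the user `OTHER` and all function names are hypothetical, and the token responses are constructed.

```python
import json

# Constructed bindings: which roles a scope is associated with (step 3).
SCOPE_BINDINGS = {"resource_read": {"X"}}

# Constructed role-user mapping, standing in for the user store (steps 1-2).
USER_ROLES = {"USER": {"X"}, "OTHER": {"Y"}}


def granted_scopes(user, requested, bindings=SCOPE_BINDINGS, roles=USER_ROLES):
    """Return the requested scopes the user may hold, in request order.

    A scope is granted only when the user has at least one role bound to it.
    Scopes with no binding are refused (a choice made by this example).
    """
    held = roles.get(user, set())
    return [s for s in requested.split() if bindings.get(s, set()) & held]


def token_response(user, requested):
    """Build a constructed OAuth 2.0 token response body for the model."""
    return json.dumps({
        "access_token": "constructed-token-for-" + user,
        "token_type": "Bearer",
        "scope": " ".join(granted_scopes(user, requested)),
    })


def dropped_scopes(response_body, requested):
    """List requested scopes that are missing from a token response.

    Per RFC 6749 section 5.1 the 'scope' field may be omitted when it is
    identical to the requested scope, so a missing field means nothing
    was dropped.
    """
    body = json.loads(response_body)
    if "scope" not in body:
        return []
    granted = set(body["scope"].split())
    return [s for s in requested.split() if s not in granted]


if __name__ == "__main__":
    for user in ("USER", "OTHER"):
        body = token_response(user, "resource_read")
        print(user, "dropped:", dropped_scopes(body, "resource_read"))
```

`dropped_scopes` can also be pointed at a real token response body to confirm that a user without the role does not receive the scope.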