Required Permissions
Zoom is introducing Classic and granular scopes to allow users to be more specific about the level of access granted to third-party apps. For more information on scopes, refer to OAuth Scopes.
-
Classic Scopes
Classic scopes provide a way to limit the amount of access granted to an app. Zoom has user-level, admin-level, and Master-level scopes.Previously-created apps use the previously-available scopes, now called classic scopes. If you upgrade your app you will still be able to use classic scopes.
The following scopes are required for aggregation, provisioning, and deprovisioning:
-
user:read:admin
-
user:write:admin
-
account:read:admin
-
account:write:admin
-
group:read:admin
-
group:write:admin
-
meeting:read:admin
-
meeting:write:admin
The minimum requirements for scopes and their connector operations are as follows:
Connector Operation
Scope
User - Read + Write (Create, Update, Enable, Disable, Entitlement Assignment, and Removal)
user:write:admin Group - Read + Write (Aggregation and Get Groups)
group:write:admin
-
-
Granular Scopes
Granular scopes enable developers to practice the principle of least privilege so that users can provide access to the minimal amount of information required by your app. Newly created apps use granular scopes, including new apps created using the new build flow. New apps can also set which scopes are required and which are optional.
The following scopes are required for aggregation, provisioning, and deprovisioning:
-
user:read:list_users:admin
-
user:read:user:admin
-
group:read:list_groups:admin
-
user:update:status:admin
-
user:write:user:admin
-
group:write:member:admin
-
group:delete:member:admin
-
user:update:password:admin
-
user:update:user:admin
The requirements for scopes and their connector operations are as follows:
Connector Operation
Scope
User - Read + Write (Create, Update, Enable, Disable, and Removal)
user:read:list_users:admin
user:read:user:admin
user:write:user:admin
user:update:status:admin
user:update:password:admin
user:update:user:admin
Group - Read + Write (Aggregation, Add groups, Remove Groups)
group:read:list_groups:admin
group:write:member:admin
group:delete:member:admin
-
For Activity Insights
An administrator requires the following additional permission to utilize the Activity Insights:
Description |
Scope |
---|---|
View a user's usage reports |
report:read:user:admin |
View users usage reports |
report:read:list_users:admin |
View a meeting's participant |
meeting:read:participant:admin |
For more information on configuring Activity Insights, refer to Activity Insights Settings.