Required Permissions

Zoom is introducing Classic and granular scopes to allow users to be more specific about the level of access granted to third-party apps. For more information on scopes, refer to OAuth Scopes.

  • Classic Scopes

    Classic scopes provide a way to limit the amount of access granted to an app. Zoom has user-level, admin-level, and Master-level scopes.Previously-created apps use the previously-available scopes, now called classic scopes. If you upgrade your app you will still be able to use classic scopes.

    The following scopes are required for aggregation, provisioning, and deprovisioning:

    • user:read:admin

    • user:write:admin

    • account:read:admin

    • account:write:admin

    • group:read:admin

    • group:write:admin

    • meeting:read:admin

    • meeting:write:admin

    The minimum requirements for scopes and their connector operations are as follows:

    Connector Operation

    Scope

    User - Read + Write (Create, Update, Enable, Disable, Entitlement Assignment, and Removal)

    user:write:admin

    Group - Read + Write (Aggregation and Get Groups)

    group:write:admin

  • Granular Scopes

    Granular scopes enable developers to practice the principle of least privilege so that users can provide access to the minimal amount of information required by your app. Newly created apps use granular scopes, including new apps created using the new build flow. New apps can also set which scopes are required and which are optional.

    The following scopes are required for aggregation, provisioning, and deprovisioning:

    • user:read:list_users:admin

    • user:read:user:admin

    • group:read:list_groups:admin

    • user:update:status:admin

    • user:write:user:admin

    • group:write:member:admin

    • group:delete:member:admin

    • user:update:password:admin

    • user:update:user:admin

    The requirements for scopes and their connector operations are as follows:

    Connector Operation

    Scope

    User - Read + Write (Create, Update, Enable, Disable, and Removal)

    user:read:list_users:admin

    user:read:user:admin

    user:write:user:admin

    user:update:status:admin

    user:update:password:admin

    user:update:user:admin

    Group - Read + Write (Aggregation, Add groups, Remove Groups)

    group:read:list_groups:admin

    group:write:member:admin

    group:delete:member:admin

For Activity Insights

An administrator requires the following additional permission to utilize the Activity Insights:

Description

Scope

View a user's usage reports

report:read:user:admin

View users usage reports

report:read:list_users:admin

View a meeting's participant

meeting:read:participant:admin

For more information on configuring Activity Insights, refer to Activity Insights Settings.