This topic describes how to add OAuth scopes to an application in Resource Access Management (RAM). You can use OAuth scopes to grant the application permissions for Alibaba Cloud resources.
Add OAuth scopes
Log on to the RAM console as a RAM user who has administrative rights.
In the left-side navigation pane, choose .
On the Enterprise Application tab, find the application that you want to manage.
On the OAuth Scope tab, click Add OAuth Scope.
In the Add OAuth Scope panel, select the scopes that you want to add.
NoteThe aliuid and profile scopes are related to ID tokens, and other scopes are related to access tokens.
Click OK.
Configure the required OAuth scopes
After you add OAuth scopes, you can select and clear the required OAuth scopes in the OAuth scope list. For more information, see Add OAuth scope. If Set to Required is selected for an OAuth scope, the required OAuth scope is automatically selected and cannot be canceled when a user grants permissions on the application.
Set to Required
In the OAuth scope list, click Set to Required in the Actions column.
Make sure that the current application requires the permissions. The application must ensure data security and meet regulatory and compliance requirements to use the data and permissions.
Cancel Required
In the OAuth scope list, click Cancel Required in the Actions column.