Roles, scopes, and permissions

In PingOne, user applications rely on self-management scopes to grant users access to a subset of PingOne resources. The self-management scopes control PingOne platform actions that users can execute on their accounts, such as updating their account details or changing their passwords.

For detailed information about scopes, refer to the following topics:

PingOne self-management scopes
OpenID Connect (OIDC) scopes
Custom scopes

Conversely, administrator applications use role assignments to determine the actions an actor can perform. Roles are a collection of permissions that determine the API calls an administrator can execute. For example, an actor with the Environment Admin role has hundreds of permissions, giving the admin far greater access to PingOne resources than a user with only a few self-management scopes.

For detailed information about roles in PingOne, refer to the following topics:

Administrator permissions and role assignments
Control access to applications through roles and groups

For more information about roles and their associated permissions, refer to Roles in the PingOne Platform API Reference.

PingOne Platform APIs

Roles, scopes, and permissions