---
title: Roles, scopes, and permissions
description: In PingOne, user applications rely on self-management scopes to grant users access to a subset of PingOne resources. The self-management scopes control PingOne platform actions that users can execute on their accounts, such as updating their account details or changing their passwords.
component: pingone-api
page_id: pingone-api:foundations:pingone-roles-scopes-and-permissions
canonical_url: https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions.html
---

# Roles, scopes, and permissions

In PingOne, user applications rely on self-management scopes to grant users access to a subset of PingOne resources. The self-management scopes control PingOne platform actions that users can execute on their accounts, such as updating their account details or changing their passwords.

For detailed information about scopes, refer to the following topics:

* [PingOne self-management scopes](pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html)

* [OpenID Connect (OIDC) scopes](pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/openid-connect-oidc-scopes.html)

* [Custom scopes](pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/custom-scopes.html)

Conversely, administrator applications use role assignments to determine the actions an actor can perform. Roles are a collection of permissions that determine the API calls an administrator can execute. For example, an actor with the Environment Admin role has hundreds of permissions, giving the admin far greater access to PingOne resources than a user with only a few self-management scopes.

For detailed information about roles in PingOne, refer to the following topics:

* [Administrator permissions and role assignments](pingone-roles-scopes-and-permissions/administrator-permissions-and-role-assignments.html)

* [Control access to applications through roles and groups](pingone-roles-scopes-and-permissions/control-access-to-applications-through-roles-and-groups.html)

For more information about roles and their associated permissions, refer to [Roles](../platform/roles.html) in the *PingOne Platform APIs*.