Rate this page

Authorization

By default, the access token provided by the client in the request (see Authentication) is used to control access to requested resources. The Ping Identity Data Governance Broker’s access control policies are customizable, but in general, the scopes granted by the access token determine which resources and attributes are returned.

If access controls determine that the client may not access the requested resource, then a response with a 403 status code will be returned.

HTTP/1.1 403 Forbidden
Content-Length: 177
Content-Type: application/scim+json
Date: Tue, 07 Jun 2016 22:40:48 GMT

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ], 
    "scimType": "insufficient_scope", 
    "status": 403,
    "detail": "Requested operation not allowed by the granted OAuth2 scopes."
}

For information about how to configure an application appropriately for SCIM API access, see configuring scopes in the Data Governance Broker client developer guide.