Device Management API Scopes

The permission to invoke the APIs are assigned via scopes. You can define all the scopes and generate an access token that can invoke all the APIs or you can generate an access token that only has the required scope to invoke a specific API. For more information on how to generate the access token, see Obtaining the access token.

Take a look at all the device management API scopes.

Scope	Description
`perm:sign-csr`	Permission to sign the iOS CSR certificate.
`perm:admin:devices:view`	Permission to get the details of a device as the administrator.
Managing user roles
`perm:roles:add`	Permission to add a user role.
`perm:roles:add-users`	Permission to add users to a user role.
`perm:roles:update`	Permission to update a user role.
`perm:roles:permissions`	Permission to define device management permissions to the user role.
`perm:roles:details`	Permission to view user role details.
`perm:roles:view`	Permission to view the list of user roles.
`perm:roles:create-combined-role`	Permission to combine two roles and create one role.
`perm:roles:delete`	Permission to delete a user role.
Managing devices
`perm:get-activity`	Permission to get the activity details of a device.
`perm:devices:delete`	Permission to delete a device.
`perm:devices:applications`	Permission to get the details of the applications installed on a device.
`perm:devices:effective-policy`	Permission to get the details of the policy that is enforced on a device.
`perm:devices:compliance-data`	Permission to get the policy compliance details of a device.
`perm:devices:features`	Permission to get the feature on the device. The operations and policies will be applied to these features. For example, the camera restriction policy will be applied to the device's camera. In this context, the device's camera is a feature.
`perm:devices:operations`	Permission to get the device operation details.
`perm:devices:search`	Permission to search devices.
`perm:devices:details`	Permission to get the details of a device.
`perm:devices:update`	Permission to update the device name.
`perm:devices:view`	Permission to get the details of registered devices.
Managing device policies
`perm:policies:remove`	Permission to remove one or multiple policies.
`perm:policies:priorities`	Permission to update the policy priority.
`perm:policies:deactivate`	Permission to deactivate an already active policy.
`perm:policies:get-policy-details`	Permission to get all the details of a specific policy.
`perm:policies:manage`	Permission to add a new policy.
`perm:policies:activate`	Permission to activate a deactivated policy.
`perm:policies:update`	Permission to update the policy details.
`perm:policies:changes`	Permission to publish the policy changes to the existing devices.
`perm:policies:get-details`	Permission to get the details of all the policies.
Managing users
`perm:users:add`	Permission to add a new user.
`perm:users:details`	Permission to get the details of a user.
`perm:users:count`	Permission to get the total number of users.
`perm:users:delete`	Permission to delete a user.
`perm:users:roles`	Permission to get the role details of a user.
`perm:users:user-details`	Permission to get the details of all the user.
`perm:users:credentials`	Permission to change the user password.
`perm:users:search`	Permission to search for a user.
`perm:users:is-exist`	Permission to get the details on whether the user exists or not.
`perm:users:update`	Permission to update the user details.
`perm:users:send-invitation`	Permission to invite users to enroll their devices.
Managing device groups
`perm:groups:devices`	Permission to get the list of devices in a group.
`perm:groups:update`	Permission to update a device group.
`perm:groups:add`	Permission to add a new device group.
`perm:groups:device`	Permission to get the list of groups that have a specific device.
`perm:groups:devices-count`	Permission to get the number of devices in a group.
`perm:groups:remove`	Permission to delete a device group.
`perm:groups:groups`	Permission to get the list of groups that a user has access to.
`perm:groups:groups-view`	Permission to get the details of a group.
`perm:groups:share`	Permission to share a group with users.
`perm:groups:count`	Permission to get the total number of device groups.
`perm:groups:roles`	Permission to get the details of the user roles who can access the group.
`perm:groups:devices-remove`	Permission to remove a device from a group.
`perm:groups:devices-add`	Permission to add a device to a group.
`perm:groups:assign`	Permission to assign a device to a group.
Managing device types
`perm:device-types:features`	Permission to get the feature details of a device.
`perm:device-types:types`	Permission to get the supported device platforms.
Managing mobile applications
`perm:applications:install`	Permission to install a mobile application. This invokes an internal API.
`perm:applications:uninstall`	Permission to uninstall a mobile application.This invokes an internal API.
Managing Notifications
`perm:notifications:mark-checked`	Permission to update the status of a notification sent to a device,
`perm:notifications:view`	Permission to view all the notifications sent to a device.
Managing mutual SSL certificate
`perm:admin:certificates:delete`	Permission to delete a certificate.
`perm:admin:certificates:details`	Permission to get details of an SSL certificate.
`perm:admin:certificates:view`	Permission to get the details of all the uploaded mutual SSL certificates.
`perm:admin:certificates:add`	Permission to add a new certificate.
`perm:admin:certificates:verify`	Permission to verify the SSL certificate.
Managing iOS devices
`perm:ios:enroll`	Permission to enroll an iOS device.
`perm:ios:view-device`	Permission to view the enrolled iOS device details.
`perm:ios:apn`	Permission to add an Apple Push Notification (APN).
`perm:ios:ldap`	Permission to add a Lightweight Directory Access Protocol (LDAP).
`perm:ios:enterprise-app`	Permission to install applications that are developed and published by the organization.
`perm:ios:store-application`	Permission to install applications from the App Store.
`perm:ios:remove-application`	Permission to uninstall an application.
`perm:ios:app-list`	Permission to get the list of applications installed on a device.
`perm:ios:profile-list`	Permission to add restrictions or configurations to the device as policies. The device stores the policy restriction or configurations as profiles.
`perm:ios:lock`	Permission to lock an iOS device.
`perm:ios:enterprise-wipe`	Permission to delete the enterprise-related data on an iOS device and unregister the device.
`perm:ios:device-info`	Permision to get the device information.
`perm:ios:restriction`	Permission to enforce restrictions on the device via the restriction policy.
`perm:ios:email`	Permission to add an email.
`perm:ios:cellular`	Permission to add an Apple cellular payload.
`perm:ios:applications`	Permission to view the applications installed on an iOS device.
`perm:ios:wifi`	Permission to configure the Wi-Fi settings on the device.
`perm:ios:ring`	Permission to ring the device,
`perm:ios:location`	Permission to get the device location.
`perm:ios:notification`	Permission to send a notification to a device.
`perm:ios:airplay`	Permission to configure settings for connecting to AirPlay destinations.
`perm:ios:caldav`	Permission to configure the settings for connecting to CalDAV servers.
`perm:ios:cal-subscription`	Permission to configure settings for calendar subscriptions.
`perm:ios:passcode-policy`	Permission to configure the password policy
`perm:ios:webclip`	Permission to add web clip or a shortcut to a web page.
`perm:ios:vpn`	Permission to specify the VPN settings.
`perm:ios:per-app-vpn`	Permission to specify the per app VPN settings.
`perm:ios:app-to-per-app-vpn`	Permission to specify the app to per app VPN settings.
`perm:ios:app-lock`	Permission to add an application lock.
`perm:ios:clear-passcode`	Permission to clear the password on the iOS device.
`perm:ios:remove-profile`	Permission to remove the restrictions that were pushed to the device via the policies. The device stores the policy restriction or configurations as profiles.
`perm:ios:get-restrictions`	Permission to get the list of restriction that has enforced on the device via the restriction policy.
`perm:ios:wipe-data`	Permission to format the device.
Managing Android devices
`perm:android:enroll`	Permission to enroll an Android device.
`perm:android:wipe`	Permission to carry out a factory reset operation on the device.
`perm:android:ring`	Permission to ring the device.
`perm:android:lock-devices`	Permission to lock the device.
`perm:android:configure-vpn`	Permission to configure the VPN settings.
`perm:android:configure-wifi`	Permission to configure the Wi-Fi settings.
`perm:android:uninstall-application`	Permission to uninstall an application that is on a device.
`perm:android:manage-configuration`	Permission to manage the Android platform configurations.
`perm:android:location`	Permission to get the device location.
`perm:android:install-application`	Permission to install applications on a device.
`perm:android:mute`	Permission to mute a device.
`perm:android:change-lock-code`	Permission to change the device's password.
`perm:android:blacklist-applications`	Permissong to blacklist applications.Blacklisting prevents you from using the defined applications. For Android operation systems before Lollipop, when a blacklisted application is clicked a screen is displayed to prevent you from using the app. For the Lollipop Android operating systems and after, the blacklisted apps will be hidden. Blacklisting can be used on both BYOD and COPE devices.
`perm:android:set-password-policy`	Permission to define a password policy.
`perm:android:encrypt-storage`	Permission to encrypt data on the device, when the device is locked and make it readable when the passcode is entered.
`perm:android:clear-password`	Permission to clear the device's password.
`perm:android:enterprise-wipe`	Permission to unregister a device
`perm:android:info`	Permission to get the details of a device.
`perm:android:view-configuration`	Permission to view Android platform configurations.
`perm:android:upgrade-firmware`	Permission to upgrade the firmware of the device.
`perm:android:set-webclip`	Permission to create a web clip or a shortcut to a web page.
`perm:android:send-notification`	Permission to send a message to a device or devices.
`perm:android:disenroll`	Permission to unregister an Android device.
`perm:android:update-application`	Permssion to update an application that is installed on the device.
`perm:android:unlock-devices`	Permission to unlock the device.
`perm:android:control-camera`	Permission to create a policy to control the device's camera.
`perm:android:reboot`	Permission to restart the device.
`perm:android:logcat`	Permission to push logcat of the device to the analytics server. Logcat displays messages in real time and keeps a history so you can view the old messages.
Other
`perm:admin-groups:count`	Permission to get the total number of device groups as an administrator.
`perm:admin-groups:view`	Permission to get the device group details as an administrator.
`perm:admin`	Permission to create OAuth application and to publish and subscribe to APIs.
`perm:admin-users:view`	Permission to get the details of all the users as an administrator.
`perm:view-configuration`	Permission to view all the platform configurations.
`perm:manage-configuration`	Permission to update the platform configurations.