1 min read
Scopes explained
Scopes follow a feature:operation pattern and grant least-privilege access.
- Features:
mail,storage,docs,spreadsheet,search,calendar,settings,terminal,blog,social. - Operations:
read,write,update,delete,send(send applies to mail). - Wildcard:
*grants everything. - Fine-grained:
feature.resource:operation(for example,mail.messages:read). A broader scope covers narrower ones —mail:readcoversmail.messages:read.