We are encountering an issue with custom scopes not functioning as expected within user roles. According to the Zoom documentation, users with a custom scope should only be able to manage users who belong to groups assigned within the custom scope. However, we are observing a different behavior.
Steps to Reproduce:
- Created a new role with the following permissions:
View “Usage Reports”
View and Edit “Users” - Assigned a custom scope to the role.
- Assigned the role to a user.
- Observed that the user is able to:
Create meetings for other users who are not part of the assigned groups using the API.
Access meetings using join URLs even if the user is not part of the assigned groups using API.
We have attached a screenshot of the relevant documentation for your reference.
Additional Information:
Please clarify if this is a known issue or if we are misinterpreting the documentation.