Limiting scopes on server-to-server OAuth

We are developing an App which requires Server-to-Server OAuth. The scopes requested for the App are:

  1. View and manage sub account’s user webinars /webinar:master​
  2. View all user Webinars /webinar:read:admin​
  3. View and manage all user Webinars /webinar:write:admin

Scopes 2 & 3 appears to give the user read, write and admin rights over all users on our Tenant. If this is correct, is it possible to limit these scopes?

My preference is that only a specific user(s) can be defined as admins of the App, and these users will have read/write/Admin rights to only the webinars that they create. The users of the App should not have read/write/admin access to all webinars on our Zoom Tenant

Hi @clomotey
Thanks for reaching out to us, unfortunately, there is no way to limit scopes to certain users.
The server to server app is an account level app type so it will have access to all the users under the account
Have you tried using a User level Oauth app?