We are developing an App which requires Server-to-Server OAuth. The scopes requested for the App are:
- View and manage sub account’s user webinars /webinar:master
- View all user Webinars /webinar:read:admin
- View and manage all user Webinars /webinar:write:admin
Scopes 2 & 3 appears to give the user read, write and admin rights over all users on our Tenant. If this is correct, is it possible to limit these scopes?
My preference is that only a specific user(s) can be defined as admins of the App, and these users will have read/write/Admin rights to only the webinars that they create. The users of the App should not have read/write/admin access to all webinars on our Zoom Tenant