OAuth scopes
Scopes allow you to define areas to which the client should have access within its current permissions. Here's a list of available scopes.
Scope group | Scope | Description | Additional details |
|---|---|---|---|
Action engine | action-engine.projects | Gives access to projects based on granted permissions. | Gives access to Action Engine resources via the content-cli to Push and pull action-engine skills |
Audit | audit.log:read | Gives read-only access audit logs based on granted permissions. | Gives read-only access to the Audit Log API. Can be used to export Audit Log events back into a Celonis Studio view or other tool for analysis or risk assessment needs. |
Authorization | authorization.permissions:read | Gives access to read permissions based on granted permissions. | |
Integration | integration.data-models:read | Gives read-only access to data models based on granted permissions. | |
integration.data-pools | Gives access to data pools based on granted permissions. | Gives access to integration resources using the following APIs:
| |
integration.data-pools:continuous_data_push | Gives access to continuously push data to data pools based on granted permissions. | Gives access to the Continuous Data Push API. | |
integration.data-pools:data_push | Gives access to push data to data pools based on granted permissions. | Gives access to the Data Push API. | |
integration.data-pools:query | Gives access to querying Data Pools based on granted permissions. | ||
integration.data-pools:read | Gives read-only access to data pools based on granted permissions. | ||
Intelligence API | intelligence.conversations:write | Gives access to studio copilot conversational API based on granted permissions. | Gives access to the Chat API. This is an API to interact with a Process Copilot built in Celonis (as described here). |
intelligence.knowledge-models:read | Gives read-only access to knowledge models and their data, filters, records, KPIs, OData metadata, specs, and triggers based on granted permissions. | Gives you access to Knowledge Model API - Query knowledge-model data and metadata. | |
intelligence.subscriptions:manage | Allows managing subscriptions to knowledge-model triggers, including creation, updates, and event replay, based on granted permissions. | Event Subscription API - discover business triggers, subscribe to them, manage event subscriptions and emit spontaneous events. | |
intelligence.tools:execute | Allows executing AI Copilot Tools, based on granted permissions. | Tools API - access data retrieval tools built in Process Copilot. | |
Machine learning | machine-learning | ||
MCP | mcp-asset.tools:execute | Allows executing MCP Server Asset Tools, based on granted permissions. | |
On-prem clients | on-prem-client | Gives access to on-premise client based on granted permissions. | |
Orchestration Engine | orchestrtation-engine | Gives access to Process Orchestration and Forms based on granted permissions. | |
Package manager | package-manager | Gives access to package manager based on granted permissions. | |
Platform adoption | platform-adoption.tracking-events:read | Gives read-only access to platform-adoption tracking-events based on granted permissions. | Gives read-only access to the Platform Adoption API - to export user access data for Studio and Apps in order to better understand usage and adoption of packages and views. |
Storage manager | storage-manager.buckets | Gives access to storage-manager buckets based on granted permissions. | Gives access to the SFTP Storage Manager API. |
Studio | knowledge-models.augmented-attributes:update | Gives access to update Augmented Attributes data based on granted permissions. | |
knowledge-models:query | Gives access to running queries on a Knowledge Model based on granted permissions. | ||
knowledge-models:read | Gives read-only access to Knowledge Models based on granted permissions. | ||
skills:execute | Gives access to executing Skills based on granted permissions. | ||
skills:read | Gives access to reading Skills data based on granted permissions. | ||
studio | Gives access to studio based on granted permissions. | ||
studio.packages:read | Gives read-only access to studio packages based on granted permissions. | ||
tasks:read | Gives access to reading Tasks data based on granted permissions. | ||
tasks:update | Gives access to updating Tasks data based on granted permissions. | ||
triggers:manage | Gives access to managing trigger subscriptions to data changes based on granted permissions. | ||
triggers:read | Gives read-only access to triggers based on granted permissions. | ||
Task Mining | task-mining.clients:suspend | Allows suspending the data capturing of Task Mining clients. | |
task-mining.gateway | Gives access to Task Mining Gateway integration API. | ||
task-mining.metadata:read | Gives read-only access to Task Mining user metadata. | ||
Team | team.user-group-info:read | Gives read-only access to team user and group information based on granted permissions. | GGives read-only access to the User Group Info API to export data that returns all user and group details within a team to better understand users, the roles they have and the groups they are part of. |
team.login-history:read | Gives read-only access to team login history based on granted permissions. | Gives read-only access to the Team Login History API to export user login data for the whole team in order to better understand who accesses the team the most or least. | |
User provisioning | user-provisioning.scim | Gives access to the SCIM API based on granted permissions. | Gives access to the SCIM API to automate the provisioning of Users, Groups and Roles with the active directory. |