Defining Scopes

url
https://www.oauth.com/oauth2-servers/scope/defining-scopes/

Scope is a mechanism to let an application request limited access to a user’s data.

A scope does not define access to the whole resource (users), only to an action on it or a part of it.

Read vs write access is a good place to start when defining scopes for a service. Typically read access to a user’s private profile information is treated with separate access control from apps wanting to update the profile information.

The most basic scopes are read, for access without modification, and write, to also be able to modify the data.
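
The read/write split above, sketched as a resource-server check. This is an added example, not code from oauth.com. The scope names (`profile:read`, `profile:write`, `email:read`), the routes and the helper names are hypothetical, and it assumes write does not imply read and that the token only carries scopes the user approved.

```python
"""Resource-server scope check (illustrative; all names are hypothetical)."""

# Each (method, path) needs exactly one scope: an action on a part of the
# user resource, never "the whole user". Scope names are assumptions.
REQUIRED_SCOPE = {
    ("GET", "/profile"): "profile:read",
    ("PUT", "/profile"): "profile:write",
    ("GET", "/profile/email"): "email:read",
}


def parse_scope(scope_param):
    """Split the space-delimited OAuth 2.0 scope string into a set."""
    return set(scope_param.split()) if scope_param else set()


def is_allowed(method, path, granted):
    """Return True only if the token carries the scope this route needs.

    Unknown routes are denied, and write does not imply read here: the two
    are granted and checked separately.
    """
    required = REQUIRED_SCOPE.get((method.upper(), path))
    return required is not None and required in granted


def narrow_request(requested, approved_by_user):
    """Scopes to put in the token: what the app asked for, limited to what
    the user approved and to scopes this service actually defines."""
    defined = set(REQUIRED_SCOPE.values())
    return parse_scope(requested) & parse_scope(approved_by_user) & defined


if __name__ == "__main__":
    # Constructed sample: the app asks for three scopes, one is undefined,
    # and the user approves only read access.
    granted = narrow_request("profile:read profile:write admin", "profile:read")
    for method, path in [("GET", "/profile"), ("PUT", "/profile"),
                         ("GET", "/profile/email"), ("DELETE", "/profile")]:
        verdict = "allow" if is_allowed(method, path, granted) else "deny"
        print(f"{method:6} {path:15} -> {verdict}")
```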