Configure Allowed Scopes
Define which permissions the agent is allowed to request when it asks for a token:
- Go to Administration > Clients
- Select the agent's client entry
- Under Allowed Scopes, add the permissions that match the role you assigned
Allowed Scopes: data:read, model:write, logs:write
Even if the role includes extra permissions, the agent can only request what is listed here.
Next Step
With scopes configured, learn how the agent requests and uses a delegated token.