Multiple scopes can be assigned to an entity for a single application (e.g., a user can be assigned the application:update and the payments:update scopes).

Scope	Description
owner	Each application has exactly one owner. The user that creates the application is automatically assigned this scope, and will remain the owner until she decides to transfer ownership (only the current owner can transfer ownership). An application owner is authorized to perform all actions. Application API tokens cannot be given the owner scope.
admin:full	The `admin:full` scope is able to perform all actions except transfer ownership of the application to a new user.
admin:limited	The `admin:limited` scope is able to perform all actions available to `admin:full` except manage users and application API tokens.
account:update	The `account:update` scope is able to update accounts within the application. This includes changing subscriptions and issuing refunds. A user with the `account:update` scope has the `account:view` scope by inference.
account:view	The `account:view` scope is able to view account data within the application, but cannot, of itself, modify or alter that data in any way.
payments:update	The `payments:update` scope is able to generate new onboard and update links. This scope can also trigger a refresh of the current status of the application from the payment processor.
payments:dispute	The `payments:dispute` scope is able to supply evidence and respond to disputes.
messaging:update	The `messaging:update` scope is able to generate new messaging content, modify existing messaging material, and launch / trigger communication.
messaging:view	The `messaging:view` scope is able to view all messaging material (campaigns, segments, etc) but cannot, of itself, modify or alter that data. Nor can it, of itself, launch or trigger communication.
application:update	The `application:update` scope is able to update application details as well as update application entitlements.
application:view	The `application:view` scope is able to load data about the application, but cannot, of itself, modify or alter that data in any way. Every user added to an application is given this scope; it cannot be removed from a user.