From 0e9c764d0c16959cabd4b4a9bd264d4fb384d87e Mon Sep 17 00:00:00 2001
From: Thamindu Aluthwala <thamindu.randil@gmail.com>
Date: Wed, 25 Oct 2023 17:57:29 +0530
Subject: [PATCH] Improve system APIs

---
 .../APIResourceManagementConstants.java       |   2 +
 .../AuthorizedAPIManagementListener.java      |   8 +-
 .../resources/system-api-resource.xml         | 112 +++-
 .../resources/system-api-resource.xml.j2      | 582 ++++++++++--------
 4 files changed, 427 insertions(+), 277 deletions(-)

diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java
index 9caa1964bd86..00aa6e30e067 100644
--- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java
@@ -31,6 +31,7 @@ public class APIResourceManagementConstants {
     public static final String IDENTIFIER = "identifier";
     public static final String TYPE = "type";
     public static final String RBAC_AUTHORIZATION = "RBAC";
+    public static final String NO_POLICY = "NO POLICY";
     public static final String ASC = "ASC";
     public static final String SYSTEM_API_FILTER = "type sw SYSTEM";
     public static final String ME_API_FILTER = "name eq Me API and type sw SYSTEM";
@@ -47,6 +48,7 @@ public class APIResourceManagementConstants {
     public static final String LT = "lt";
     public static final String BEFORE_GT = "before gt ";
     public static final String AFTER_LT = "after lt ";
+    public static final String ME_API = "Me API";
     private static final Map<String, String> attributeColumnMap = new HashMap<>();
     private static final Map<String, String> scopeAttributeColumnMap = new HashMap<>();
     public static final Map<String, String> ATTRIBUTE_COLUMN_MAP = Collections.unmodifiableMap(attributeColumnMap);
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/AuthorizedAPIManagementListener.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/AuthorizedAPIManagementListener.java
index bbaecacd64f4..7465eb355a89 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/AuthorizedAPIManagementListener.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/AuthorizedAPIManagementListener.java
@@ -147,13 +147,17 @@ private void authorizeSystemAPIToConsole(String tenantDomain) {
                 return;
             }
             for (APIResource apiResource : apiResources) {
+                String policyId = APIResourceManagementConstants.RBAC_AUTHORIZATION;
+                if (APIResourceManagementConstants.ME_API.equals(apiResource.getName())) {
+                    policyId = APIResourceManagementConstants.NO_POLICY;
+                }
                 List<Scope> scopes = ApplicationManagementServiceComponentHolder.getInstance()
                         .getAPIResourceManager().getAPIScopesById(apiResource.getId(), tenantDomain);
                 AuthorizedAPI authorizedAPI = new AuthorizedAPI.AuthorizedAPIBuilder()
                         .apiId(apiResource.getId())
                         .appId(applicationBasicInfo.getApplicationResourceId())
                         .scopes(scopes)
-                        .policyId(APIResourceManagementConstants.RBAC_AUTHORIZATION)
+                        .policyId(policyId)
                         .build();
                 authorizedAPIManagementService.addAuthorizedAPI(applicationBasicInfo.getApplicationResourceId(),
                         authorizedAPI, tenantDomain);
@@ -208,7 +212,7 @@ private void authorizeMeAPIToMyAccount(String tenantDomain) {
                         .apiId(apiResource.getId())
                         .appId(applicationBasicInfo.getApplicationResourceId())
                         .scopes(scopes)
-                        .policyId(APIResourceManagementConstants.RBAC_AUTHORIZATION)
+                        .policyId(APIResourceManagementConstants.NO_POLICY)
                         .build();
                 authorizedAPIManagementService.addAuthorizedAPI(applicationBasicInfo.getApplicationResourceId(),
                         authorizedAPI, tenantDomain);
diff --git a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml
index ffe8fe1c5421..2f7be71200d5 100644
--- a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml
+++ b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml
@@ -201,9 +201,9 @@
                  identifier="/api/server/v1/identity-governance" requiresAuthorization="true"
                  description="API representation of the Identity Governance Management API">
         <Scopes>
-            <Scope displayName="View Identity Governance" name="internal_identity_governance_view" />
+            <Scope displayName="View Identity Governance" name="internal_governance_view" />
             <Scope displayName="Update Identity Governance"
-                   name="internal_identity_governance_update" />
+                   name="internal_governance_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Identity Governance Management API"
@@ -212,9 +212,9 @@
                  type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Identity Governance"
-                   name="internal_org_identity_governance_view" />
+                   name="internal_org_governance_view" />
             <Scope displayName="Update Identity Governance"
-                   name="internal_org_identity_governance_update" />
+                   name="internal_org_governance_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Idle Account Identification Management API"
@@ -308,10 +308,10 @@
                  requiresAuthorization="true"
                  description="API representation of the OIDC Scope Management API">
         <Scopes>
-            <Scope displayName="View OIDC Scopes" name="internal_oidc_scope_view" />
-            <Scope displayName="Create OIDC Scopes" name="internal_oidc_scope_create" />
-            <Scope displayName="Update OIDC Scopes" name="internal_oidc_scope_update" />
-            <Scope displayName="Delete OIDC Scopes" name="internal_oidc_scope_delete" />
+            <Scope displayName="View OIDC Scopes" name="internal_oidc_scope_mgt_view" />
+            <Scope displayName="Create OIDC Scopes" name="internal_oidc_scope_mgt_create" />
+            <Scope displayName="Update OIDC Scopes" name="internal_oidc_scope_mgt_update" />
+            <Scope displayName="Delete OIDC Scopes" name="internal_oidc_scope_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Tenant Management API" identifier="/api/server/v1/tenants"
@@ -609,23 +609,22 @@
     <APIResource name="SCIM2 Users API" identifier="/scim2/Users" requiresAuthorization="true"
                  description="API representation of the SCIM2 Users API">
         <Scopes>
-            <Scope displayName="List User Management" name="internal_user_mgt_list" />
-            <Scope displayName="Create User Management" name="internal_user_mgt_create" />
-            <Scope displayName="Update User Management" name="internal_user_mgt_update" />
-            <Scope displayName="Delete User Management" name="internal_user_mgt_delete" />
+            <Scope displayName="View User" name="internal_user_mgt_view" />
+            <Scope displayName="List Users" name="internal_user_mgt_list" />
+            <Scope displayName="Create User" name="internal_user_mgt_create" />
+            <Scope displayName="Update User" name="internal_user_mgt_update" />
+            <Scope displayName="Delete User" name="internal_user_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Users API" identifier="/o/scim2/Users"
                  requiresAuthorization="true"
                  description="API representation of the SCIM2 Users API" type="SYSTEM_ORG">
         <Scopes>
-            <Scope displayName="List Organization User Management" name="internal_org_user_mgt_list" />
-            <Scope displayName="Create User Management"
-                   name="internal_org_user_mgt_create" />
-            <Scope displayName="Update User Management"
-                   name="internal_org_user_mgt_update" />
-            <Scope displayName="Delete User Management"
-                   name="internal_org_user_mgt_delete" />
+            <Scope displayName="View User" name="internal_org_user_mgt_view" />
+            <Scope displayName="List User" name="internal_org_user_mgt_list" />
+            <Scope displayName="Create User" name="internal_org_user_mgt_create" />
+            <Scope displayName="Update User" name="internal_org_user_mgt_update" />
+            <Scope displayName="Delete User" name="internal_org_user_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Roles API" identifier="/scim2/Roles" requiresAuthorization="true"
@@ -847,10 +846,83 @@
             <Scope displayName="Update User" name="internal_org_user_update" />
         </Scopes>
     </APIResource>
-    <APIResource name="Me API" identifier="/me/" requiresAuthorization="true"
+    <APIResource name="Event Configuration API" identifier="/api/event-configurations/v1/events"
+                 requiresAuthorization="true"
+                 description="API representation of the Event Configuration API"
+                 type="SYSTEM">
+        <Scopes>
+            <Scope displayName="View Event Configuration" name="internal_event_config_view" />
+            <Scope displayName="Update Event Configuration" name="internal_event_config_update" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Me API" identifier="/me/" requiresAuthorization="false"
                  description="API representation of the Me API">
         <Scopes>
             <Scope displayName="User Login" name="internal_login" />
         </Scopes>
     </APIResource>
+    <APIResource name="Application Management Feature" identifier="console:applications"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Application Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Application Feature" name="console:applications" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Attribute Management Feature" identifier="console:attributes"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Attribute Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Attribute Feature" name="console:attributes" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Group Management Feature" identifier="console:groups"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Group Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Group Feature" name="console:groups" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Identity Provider Management Feature" identifier="console:idps"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Identity Provider Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Identity Provider Feature" name="console:idps" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="OIDC Scope Management Feature" identifier="console:scopes:oidc"
+                 requiresAuthorization="true"
+                 description="Resource representation of the OIDC Scope Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="OIDC Scope Feature" name="console:scopes:oidc" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Organization Management Feature" identifier="console:organizations"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Organization Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Organization Feature" name="console:organizations" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Role Management Feature" identifier="console:roles"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Role Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Role Feature" name="console:roles" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="User Management Feature" identifier="console:users"
+                 requiresAuthorization="true"
+                 description="Resource representation of the User Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="User Feature" name="console:users" />
+        </Scopes>
+    </APIResource>
 </APIResources>
diff --git a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2 b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2
index e9c0bc088629..038da4a7770f 100644
--- a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2
+++ b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2
@@ -28,24 +28,24 @@
     </APIResource>
     {% endfor %}
     <APIResource name="Admin Advisory Management API"
-        identifier="/api/server/v1/admin-advisory-management/banner" requiresAuthorization="true"
-        description="API representation of the Admin Advisory Management API">
+                 identifier="/api/server/v1/admin-advisory-management/banner" requiresAuthorization="true"
+                 description="API representation of the Admin Advisory Management API">
         <Scopes>
             <Scope displayName="Modify Admin Advisory" name="internal_admin_advisory_mgt_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Admin Advisory Management API"
-        identifier="/o/api/server/v1/admin-advisory-management/banner" requiresAuthorization="true"
-        description="API representation of the Admin Advisory Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/admin-advisory-management/banner" requiresAuthorization="true"
+                 description="API representation of the Admin Advisory Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="Modify Admin Advisory"
-                name="internal_org_admin_advisory_mgt_update" />
+                   name="internal_org_admin_advisory_mgt_update" />
         </Scopes>
     </APIResource>
     <APIResource name="API Resource Management API" identifier="/api/server/v1/api-resources"
-        requiresAuthorization="true"
-        description="API representation of the API Resource Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the API Resource Management API">
         <Scopes>
             <Scope displayName="Create API Resource" name="internal_api_resource_create" />
             <Scope displayName="View API Resource" name="internal_api_resource_view" />
@@ -54,65 +54,65 @@
         </Scopes>
     </APIResource>
     <APIResource name="Application Management API" identifier="/api/server/v1/applications"
-        requiresAuthorization="true"
-        description="API representation of the Application Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Application Management API">
         <Scopes>
             <Scope displayName="Create Application Management"
-                name="internal_application_mgt_create" />
+                   name="internal_application_mgt_create" />
             <Scope displayName="Update Application Management"
-                name="internal_application_mgt_update" />
+                   name="internal_application_mgt_update" />
             <Scope displayName="View Application Management" name="internal_application_mgt_view" />
             <Scope displayName="Delete Application Management"
-                name="internal_application_mgt_delete" />
+                   name="internal_application_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Application Management API"
-        identifier="/o/api/server/v1/applications" requiresAuthorization="true"
-        description="API representation of the Application Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/applications" requiresAuthorization="true"
+                 description="API representation of the Application Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Application Management"
-                name="internal_org_application_mgt_view" />
+                   name="internal_org_application_mgt_view" />
             <Scope displayName="Delete Application Management"
-                name="internal_org_application_mgt_delete" />
+                   name="internal_org_application_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Authenticators Management API" identifier="/api/server/v1/authenticators"
-        requiresAuthorization="true"
-        description="API representation of the Authenticators Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Authenticators Management API">
         <Scopes>
             <Scope displayName="View Authenticators" name="internal_authenticator_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Authenticators Management API"
-        identifier="/o/api/server/v1/authenticators" requiresAuthorization="true"
-        description="API representation of the Authenticators Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/authenticators" requiresAuthorization="true"
+                 description="API representation of the Authenticators Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Authenticators"
-                name="internal_org_authenticator_view" />
+                   name="internal_org_authenticator_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Branding Preference Management API"
-        identifier="/api/server/v1/branding-preference" requiresAuthorization="true"
-        description="API representation of the Branding Preference Management API">
+                 identifier="/api/server/v1/branding-preference" requiresAuthorization="true"
+                 description="API representation of the Branding Preference Management API">
         <Scopes>
             <Scope displayName="Update Branding Preference"
-                name="internal_branding_preference_update" />
+                   name="internal_branding_preference_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Branding Preference Management API"
-        identifier="/o/api/server/v1/branding-preference" requiresAuthorization="true"
-        description="API representation of the Branding Preference Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/branding-preference" requiresAuthorization="true"
+                 description="API representation of the Branding Preference Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="Update Organization Branding Preference"
-                name="internal_org_branding_preference_update" />
+                   name="internal_org_branding_preference_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Challenges Management API" identifier="/api/server/v1/challenges"
-        requiresAuthorization="true"
-        description="API representation of the Challenges Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Challenges Management API">
         <Scopes>
             <Scope displayName="View Challenges" name="internal_challenges_view" />
             <Scope displayName="Create Challenges" name="internal_challenges_create" />
@@ -121,7 +121,7 @@
         </Scopes>
     </APIResource>
     <APIResource name="Claim Management API" identifier="/api/server/v1/claim-dialects"
-        requiresAuthorization="true" description="API representation of the Claim Management API">
+                 requiresAuthorization="true" description="API representation of the Claim Management API">
         <Scopes>
             <Scope displayName="Create Claim Meta" name="internal_claim_meta_create" />
             <Scope displayName="View Claim Meta" name="internal_claim_meta_view" />
@@ -130,9 +130,9 @@
         </Scopes>
     </APIResource>
     <APIResource name="Claim Management API"
-        identifier="/o/api/server/v1/claim-dialects" requiresAuthorization="true"
-        description="API representation of the Claim Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/claim-dialects" requiresAuthorization="true"
+                 description="API representation of the Claim Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="Create Claim Meta" name="internal_org_claim_meta_create" />
             <Scope displayName="View Claim Meta" name="internal_org_claim_meta_view" />
@@ -141,7 +141,7 @@
         </Scopes>
     </APIResource>
     <APIResource name="Configuration Management API" identifier="/api/server/v1/configs"
-        requiresAuthorization="true" description="API representation of the Config Management API">
+                 requiresAuthorization="true" description="API representation of the Config Management API">
         <Scopes>
             <Scope displayName="View Config" name="internal_config_view" />
             <Scope displayName="Create Config" name="internal_config_create" />
@@ -150,8 +150,8 @@
         </Scopes>
     </APIResource>
     <APIResource name="Configuration Management API" identifier="/o/api/server/v1/configs"
-        requiresAuthorization="true" description="API representation of the Config Management API"
-        type="SYSTEM_ORG">
+                 requiresAuthorization="true" description="API representation of the Config Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Config" name="internal_org_config_view" />
             <Scope displayName="Create Config" name="internal_org_config_create" />
@@ -160,45 +160,45 @@
         </Scopes>
     </APIResource>
     <APIResource name="CORS Management API" identifier="/api/server/v1/cors/origins"
-        requiresAuthorization="true" description="API representation of the CORS Management API">
+                 requiresAuthorization="true" description="API representation of the CORS Management API">
         <Scopes>
             <Scope displayName="View CORS Origins" name="internal_cors_origins_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Expired Password Identification Management API"
-        identifier="/api/server/v1/expired-password-identification" requiresAuthorization="true"
-        description="API representation of the Expired Password Identification Management API">
+                 identifier="/api/server/v1/expired-password-identification" requiresAuthorization="true"
+                 description="API representation of the Expired Password Identification Management API">
         <Scopes>
             <Scope displayName="View Expired Password" name="internal_expired_password_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Expired Password Identification Management API"
-        identifier="/o/api/server/v1/expired-password-identification" requiresAuthorization="true"
-        description="API representation of the Expired Password Identification Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/expired-password-identification" requiresAuthorization="true"
+                 description="API representation of the Expired Password Identification Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Expired Password" name="internal_org_expired_password_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Extension Management API" identifier="/api/server/v1/extensions"
-        requiresAuthorization="true"
-        description="API representation of the Extension Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Extension Management API">
         <Scopes>
             <Scope displayName="View Extensions" name="internal_extensions_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Extension Management API"
-        identifier="/o/api/server/v1/extensions"
-        requiresAuthorization="true"
-        description="API representation of the Extension Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/extensions"
+                 requiresAuthorization="true"
+                 description="API representation of the Extension Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Extensions" name="internal_org_extensions_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Remote Fetch Management API" identifier="/api/server/v1/remote-fetch"
-        requiresAuthorization="true"
-        description="API representation of the Remote Fetch Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Remote Fetch Management API">
         <Scopes>
             <Scope displayName="View Remote Fetch" name="internal_remote_fetch_view" />
             <Scope displayName="Create Remote Fetch" name="internal_remote_fetch_create" />
@@ -207,44 +207,44 @@
         </Scopes>
     </APIResource>
     <APIResource name="Identity Governance Management API"
-        identifier="/api/server/v1/identity-governance" requiresAuthorization="true"
-        description="API representation of the Identity Governance Management API">
+                 identifier="/api/server/v1/identity-governance" requiresAuthorization="true"
+                 description="API representation of the Identity Governance Management API">
         <Scopes>
-            <Scope displayName="View Identity Governance" name="internal_identity_governance_view" />
+            <Scope displayName="View Identity Governance" name="internal_governance_view" />
             <Scope displayName="Update Identity Governance"
-                name="internal_identity_governance_update" />
+                   name="internal_governance_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Identity Governance Management API"
-        identifier="/o/api/server/v1/identity-governance" requiresAuthorization="true"
-        description="API representation of the Identity Governance Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/identity-governance" requiresAuthorization="true"
+                 description="API representation of the Identity Governance Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Identity Governance"
-                name="internal_org_identity_governance_view" />
+                   name="internal_org_governance_view" />
             <Scope displayName="Update Identity Governance"
-                name="internal_org_identity_governance_update" />
+                   name="internal_org_governance_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Idle Account Identification Management API"
-        identifier="/api/idle-account-identification/v1/inactive-users" requiresAuthorization="true"
-        description="API representation of the Idle Account Identification Management API">
+                 identifier="/api/idle-account-identification/v1/inactive-users" requiresAuthorization="true"
+                 description="API representation of the Idle Account Identification Management API">
         <Scopes>
             <Scope displayName="List Idle Accounts" name="internal_idle_account_list" />
         </Scopes>
     </APIResource>
     <APIResource name="Idle Account Identification Management API"
-        identifier="/o/api/idle-account-identification/v1/inactive-users"
-        requiresAuthorization="true"
-        description="API representation of the Idle Account Identification Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/idle-account-identification/v1/inactive-users"
+                 requiresAuthorization="true"
+                 description="API representation of the Idle Account Identification Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="List Idle Accounts" name="internal_org_idle_account_list" />
         </Scopes>
     </APIResource>
     <APIResource name="Identity Provider Management API"
-        identifier="/api/server/v1/identity-providers" requiresAuthorization="true"
-        description="API representation of the Identity Provider Management API">
+                 identifier="/api/server/v1/identity-providers" requiresAuthorization="true"
+                 description="API representation of the Identity Provider Management API">
         <Scopes>
             <Scope displayName="View Identity Providers" name="internal_idp_view" />
             <Scope displayName="Create Identity Provider" name="internal_idp_create" />
@@ -253,22 +253,22 @@
         </Scopes>
     </APIResource>
     <APIResource name="Identity Provider Management API"
-        identifier="/o/api/server/v1/identity-providers" requiresAuthorization="true"
-        description="API representation of the Identity Provider Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/identity-providers" requiresAuthorization="true"
+                 description="API representation of the Identity Provider Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Identity Providers" name="internal_org_idp_view" />
             <Scope displayName="Create Identity Provider"
-                name="internal_org_idp_create" />
+                   name="internal_org_idp_create" />
             <Scope displayName="Update Identity Provider"
-                name="internal_org_idp_update" />
+                   name="internal_org_idp_update" />
             <Scope displayName="Delete Identity Provider"
-                name="internal_org_idp_delete" />
+                   name="internal_org_idp_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Identity Verifier Management API" identifier="/api/server/v1/idv-providers"
-        requiresAuthorization="true"
-        description="API representation of the Identity Verifier Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Identity Verifier Management API">
         <Scopes>
             <Scope displayName="View Identity Verifier Providers" name="internal_idvp_view" />
             <Scope displayName="Add Identity Verifier Provider" name="internal_idvp_add" />
@@ -277,89 +277,89 @@
         </Scopes>
     </APIResource>
     <APIResource name="Validation Rules API" identifier="/api/server/v1/validation-rules"
-        requiresAuthorization="true" description="API representation of the Validation Rules API">
+                 requiresAuthorization="true" description="API representation of the Validation Rules API">
         <Scopes>
             <Scope displayName="Update Validation Rule Management"
-                name="internal_validation_rule_mgt_update" />
+                   name="internal_validation_rule_mgt_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Validation Rules API"
-        identifier="/o/api/server/v1/validation-rules"
-        requiresAuthorization="true"
-        description="API representation of the Validation Rules API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/validation-rules"
+                 requiresAuthorization="true"
+                 description="API representation of the Validation Rules API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="Update Organization Validation Rule Management"
-                name="internal_org_validation_rule_mgt_update" />
+                   name="internal_org_validation_rule_mgt_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Keystore Management API" identifier="/api/server/v1/keystores/certs"
-        requiresAuthorization="true" description="API representation of the Keystore Management API">
+                 requiresAuthorization="true" description="API representation of the Keystore Management API">
         <Scopes>
             <Scope displayName="View Keystore" name="internal_keystore_view" />
             <Scope displayName="Update Keystore" name="internal_keystore_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Notification Sender Management API"
-        identifier="/api/server/v1/notification-senders/email" requiresAuthorization="true"
-        description="API representation of the Notification Sender Management API">
+                 identifier="/api/server/v1/notification-senders/email" requiresAuthorization="true"
+                 description="API representation of the Notification Sender Management API">
         <Scopes>
             <Scope displayName="View Notification Senders" name="internal_notification_senders_view" />
             <Scope displayName="Create Notification Senders"
-                name="internal_notification_senders_create" />
+                   name="internal_notification_senders_create" />
             <Scope displayName="Update Notification Senders"
-                name="internal_notification_senders_update" />
+                   name="internal_notification_senders_update" />
             <Scope displayName="Delete Notification Senders"
-                name="internal_notification_senders_delete" />
+                   name="internal_notification_senders_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="OIDC Scope Management API" identifier="/api/server/v1/oidc/scopes"
-        requiresAuthorization="true"
-        description="API representation of the OIDC Scope Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the OIDC Scope Management API">
         <Scopes>
-            <Scope displayName="View OIDC Scopes" name="internal_oidc_scope_view" />
-            <Scope displayName="Create OIDC Scopes" name="internal_oidc_scope_create" />
-            <Scope displayName="Update OIDC Scopes" name="internal_oidc_scope_update" />
-            <Scope displayName="Delete OIDC Scopes" name="internal_oidc_scope_delete" />
+            <Scope displayName="View OIDC Scopes" name="internal_oidc_scope_mgt_view" />
+            <Scope displayName="Create OIDC Scopes" name="internal_oidc_scope_mgt_create" />
+            <Scope displayName="Update OIDC Scopes" name="internal_oidc_scope_mgt_update" />
+            <Scope displayName="Delete OIDC Scopes" name="internal_oidc_scope_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Tenant Management API" identifier="/api/server/v1/tenants"
-        requiresAuthorization="true" description="API representation of the Tenant Management API">
+                 requiresAuthorization="true" description="API representation of the Tenant Management API">
         <Scopes>
             <Scope displayName="List Tenants" name="internal_list_tenants" />
             <Scope displayName="Modify Tenants" name="internal_modify_tenants" />
         </Scopes>
     </APIResource>
     <APIResource name="Organization Discovery API"
-        identifier="/api/server/v1/organizations/discovery"
-        requiresAuthorization="true"
-        description="API representation of the Organization Management API">
+                 identifier="/api/server/v1/organizations/discovery"
+                 requiresAuthorization="true"
+                 description="API representation of the Organization Management API">
         <Scopes>
             <Scope displayName="View Organization Discovery"
-                name="internal_organization_discovery_view" />
+                   name="internal_organization_discovery_view" />
             <Scope displayName="Update Organization Discovery"
-                name="internal_organization_discovery_update" />
+                   name="internal_organization_discovery_update" />
             <Scope displayName="Delete Organization Discovery"
-                name="internal_organization_discovery_delete" />
+                   name="internal_organization_discovery_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Organization Discovery API"
-        identifier="/o/api/server/v1/organizations/discovery"
-        requiresAuthorization="true"
-        description="API representation of the Organization Discovery API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/organizations/discovery"
+                 requiresAuthorization="true"
+                 description="API representation of the Organization Discovery API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Organization Discovery"
-                name="internal_org_organization_discovery_view" />
+                   name="internal_org_organization_discovery_view" />
             <Scope displayName="Update Organization Discovery"
-                name="internal_org_organization_discovery_update" />
+                   name="internal_org_organization_discovery_update" />
             <Scope displayName="Delete Organization Discovery"
-                name="internal_org_organization_discovery_delete" />
+                   name="internal_org_organization_discovery_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Organization Management API" identifier="/api/server/v1/organizations"
-        requiresAuthorization="true"
-        description="API representation of the Organization Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Organization Management API">
         <Scopes>
             <Scope displayName="View Organizations" name="internal_organization_view" />
             <Scope displayName="Create Organizations" name="internal_organization_create" />
@@ -368,10 +368,10 @@
         </Scopes>
     </APIResource>
     <APIResource name="Organization Management API"
-        identifier="/o/api/server/v1/organizations"
-        requiresAuthorization="true"
-        description="API representation of the Organization Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/organizations"
+                 requiresAuthorization="true"
+                 description="API representation of the Organization Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Organizations" name="internal_org_organization_view" />
             <Scope displayName="Create Organizations" name="internal_org_organization_create" />
@@ -380,9 +380,9 @@
         </Scopes>
     </APIResource>
     <APIResource name="Organization Role Management API"
-        identifier="/api/server/v1/organizations/{organization-id}/roles"
-        requiresAuthorization="true"
-        description="API representation of the Organization Role Management API">
+                 identifier="/api/server/v1/organizations/{organization-id}/roles"
+                 requiresAuthorization="true"
+                 description="API representation of the Organization Role Management API">
         <Scopes>
             <Scope displayName="View Organization Roles" name="internal_organization_role_view" />
             <Scope displayName="Create Organization Roles" name="internal_organization_role_create" />
@@ -391,70 +391,70 @@
         </Scopes>
     </APIResource>
     <APIResource name="Organization Role Management API"
-        identifier="/o/api/server/v1/organizations/{organization-id}/roles"
-        requiresAuthorization="true"
-        description="API representation of the Organization Role Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/organizations/{organization-id}/roles"
+                 requiresAuthorization="true"
+                 description="API representation of the Organization Role Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Roles" name="internal_org_organization_role_view" />
             <Scope displayName="Create Organization Roles"
-                name="internal_org_organization_role_create" />
+                   name="internal_org_organization_role_create" />
             <Scope displayName="Update Organization Roles"
-                name="internal_org_organization_role_update" />
+                   name="internal_org_organization_role_update" />
             <Scope displayName="Delete Organization Roles"
-                name="internal_org_organization_role_delete" />
+                   name="internal_org_organization_role_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Organization Config Discovery Management API"
-        identifier="/api/server/v1/organization-configs/discovery" requiresAuthorization="true"
-        description="API representation of the Organization Config Management API">
+                 identifier="/api/server/v1/organization-configs/discovery" requiresAuthorization="true"
+                 description="API representation of the Organization Config Management API">
         <Scopes>
             <Scope displayName="View Organization Configs" name="internal_organization_config_view" />
             <Scope displayName="Add Organization Configs" name="internal_organization_config_add" />
             <Scope displayName="Delete Organization Configs"
-                name="internal_organization_config_delete" />
+                   name="internal_organization_config_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Organization Config Discovery Management API"
-        identifier="/o/api/server/v1/organization-configs/discovery" requiresAuthorization="true"
-        description="API representation of the Organization Config Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/organization-configs/discovery" requiresAuthorization="true"
+                 description="API representation of the Organization Config Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Organization Configs"
-                name="internal_org_organization_config_view" />
+                   name="internal_org_organization_config_view" />
             <Scope displayName="Add Organization Configs"
-                name="internal_org_organization_config_add" />
+                   name="internal_org_organization_config_add" />
             <Scope displayName="Delete Organization Configs"
-                name="internal_org_organization_config_delete" />
+                   name="internal_org_organization_config_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Self Service API"
-        identifier="/api/server/v1/self-service" requiresAuthorization="true"
-        description="API representation of the Self Service API">
+                 identifier="/api/server/v1/self-service" requiresAuthorization="true"
+                 description="API representation of the Self Service API">
         <Scopes>
             <Scope displayName="View Self Service" name="internal_self_service_view" />
             <Scope displayName="Update Self Service" name="internal_self_service_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Self Service API"
-        identifier="/api/server/v1/self-service" requiresAuthorization="true"
-        description="API representation of the Self Service API"
-        type="SYSTEM_ORG">
+                 identifier="/api/server/v1/self-service" requiresAuthorization="true"
+                 description="API representation of the Self Service API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Self Service" name="internal_org_self_service_view" />
             <Scope displayName="Update Self Service" name="internal__org_self_service_update" />
         </Scopes>
     </APIResource>
     <APIResource name="Permission Management API"
-        identifier="/api/server/v1/permission-management/permissions" requiresAuthorization="true"
-        description="API representation of the Permission Management API">
+                 identifier="/api/server/v1/permission-management/permissions" requiresAuthorization="true"
+                 description="API representation of the Permission Management API">
         <Scopes>
             <Scope displayName="View Permissions" name="internal_permission_mgt_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Script Library Management API" identifier="/api/server/v1/script-libraries"
-        requiresAuthorization="true"
-        description="API representation of the Script Library Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Script Library Management API">
         <Scopes>
             <Scope displayName="Create Functional Library" name="internal_functional_lib_create" />
             <Scope displayName="View Functional Library" name="internal_functional_lib_view" />
@@ -463,8 +463,8 @@
         </Scopes>
     </APIResource>
     <APIResource name="Secret Type Management API" identifier="/api/server/v1/secret-type"
-        requiresAuthorization="true"
-        description="API representation of the Secret Type Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Secret Type Management API">
         <Scopes>
             <Scope displayName="Add Secret Type" name="internal_secret_type_mgt_add" />
             <Scope displayName="Update Secret Type" name="internal_secret_type_mgt_update" />
@@ -473,7 +473,7 @@
         </Scopes>
     </APIResource>
     <APIResource name="Secret Management API" identifier="/api/server/v1/secrets"
-        requiresAuthorization="true" description="API representation of the Secret Management API">
+                 requiresAuthorization="true" description="API representation of the Secret Management API">
         <Scopes>
             <Scope displayName="Add Secret" name="internal_secret_mgt_add" />
             <Scope displayName="Update Secret" name="internal_secret_mgt_update" />
@@ -482,8 +482,8 @@
         </Scopes>
     </APIResource>
     <APIResource name="Userstore Management API" identifier="/api/server/v1/userstore"
-        requiresAuthorization="true"
-        description="API representation of the Userstore Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Userstore Management API">
         <Scopes>
             <Scope displayName="Create Userstore" name="internal_userstore_create" />
             <Scope displayName="View Userstore" name="internal_userstore_view" />
@@ -492,10 +492,10 @@
         </Scopes>
     </APIResource>
     <APIResource name="Userstore Management API"
-        identifier="/o/api/server/v1/userstore"
-        requiresAuthorization="true"
-        description="API representation of the Userstore Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/userstore"
+                 requiresAuthorization="true"
+                 description="API representation of the Userstore Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="Create Userstore" name="internal_org_userstore_create" />
             <Scope displayName="View Userstore" name="internal_org_userstore_view" />
@@ -504,32 +504,32 @@
         </Scopes>
     </APIResource>
     <APIResource name="Workflow Management API" identifier="/api/server/v1/workflow-engines"
-        requiresAuthorization="true" description="API representation of the Workflow Management API">
+                 requiresAuthorization="true" description="API representation of the Workflow Management API">
         <Scopes>
             <Scope displayName="View Workflow" name="internal_workflow_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Association Management API"
-        identifier="/api/users/v1/{user-id}/(.*)associations" requiresAuthorization="true"
-        description="API representation of the Association Management API">
+                 identifier="/api/users/v1/{user-id}/(.*)associations" requiresAuthorization="true"
+                 description="API representation of the Association Management API">
         <Scopes>
             <Scope displayName="View User Associations" name="internal_user_association_view" />
             <Scope displayName="Delete User Associations" name="internal_user_association_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Authorized Application Management V1/V2 API"
-        identifier="/api/users/v(.*)/{user-id}/authorized-apps" requiresAuthorization="true"
-        description="API representation of the Authorized Application Management V2 API">
+                 identifier="/api/users/v(.*)/{user-id}/authorized-apps" requiresAuthorization="true"
+                 description="API representation of the Authorized Application Management V2 API">
         <Scopes>
             <Scope displayName="View Authorized Applications"
-                name="internal_user_authorizedapp_view" />
+                   name="internal_user_authorizedapp_view" />
             <Scope displayName="Delete Authorized Applications"
-                name="internal_user_authorizedapp_delete" />
+                   name="internal_user_authorizedapp_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Challenge Management API" identifier="/api/users/v1/{user-id}/challenge(.*)"
-        requiresAuthorization="true"
-        description="API representation of the Challenge Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Challenge Management API">
         <Scopes>
             <Scope displayName="View Challenge Answers" name="internal_challenge_view" />
             <Scope displayName="Create Challenge Answers" name="internal_challenge_create" />
@@ -538,17 +538,17 @@
         </Scopes>
     </APIResource>
     <APIResource name="Functionality Management API"
-        identifier="/api/users/v1/{user-id}/user-functionality/{function-id}"
-        requiresAuthorization="true"
-        description="API representation of the Functionality Management API">
+                 identifier="/api/users/v1/{user-id}/user-functionality/{function-id}"
+                 requiresAuthorization="true"
+                 description="API representation of the Functionality Management API">
         <Scopes>
             <Scope displayName="View User Functionality" name="internal_user_fucntionality_view" />
             <Scope displayName="Create User Functionality" name="internal_user_fucntionality_create" />
         </Scopes>
     </APIResource>
     <APIResource name="IDV Claim Management API" identifier="/api/users/v1/{user-id}/idv"
-        requiresAuthorization="true"
-        description="API representation of the IDV Claim Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the IDV Claim Management API">
         <Scopes>
             <Scope displayName="Verify IDV Claim" name="internal_idv_claim_verify" />
             <Scope displayName="View IDV Claim" name="internal_idv_claim_view" />
@@ -557,10 +557,10 @@
         </Scopes>
     </APIResource>
     <APIResource name="IDV Claim Management API"
-        identifier="/o/api/users/v1/{user-id}/idv"
-        requiresAuthorization="true"
-        description="API representation of the IDV Claim Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/users/v1/{user-id}/idv"
+                 requiresAuthorization="true"
+                 description="API representation of the IDV Claim Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="Verify IDV Claim" name="internal_org_idv_claim_verify" />
             <Scope displayName="View IDV Claim" name="internal_org_idv_claim_view" />
@@ -569,31 +569,31 @@
         </Scopes>
     </APIResource>
     <APIResource name="Session Management API" identifier="/api/users/v1/(.*)sessions"
-        requiresAuthorization="true" description="API representation of the Session Management API">
+                 requiresAuthorization="true" description="API representation of the Session Management API">
         <Scopes>
             <Scope displayName="View Sessions" name="internal_session_view" />
             <Scope displayName="Delete Sessions" name="internal_session_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Session Management API"
-        identifier="/o/api/users/v1/(.*)sessions"
-        requiresAuthorization="true"
-        description="API representation of the Session Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/users/v1/(.*)sessions"
+                 requiresAuthorization="true"
+                 description="API representation of the Session Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Sessions" name="internal_org_session_view" />
             <Scope displayName="Delete Sessions" name="internal_org_session_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Account Recovery V1/V2 API" identifier="/api/users/v1/recovery"
-        requiresAuthorization="true"
-        description="API representation of the Account Recovery V1/V2 API">
+                 requiresAuthorization="true"
+                 description="API representation of the Account Recovery V1/V2 API">
         <Scopes>
             <Scope displayName="Create User Recovery" name="internal_user_recovery_create" />
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Groups API" identifier="/scim2/Groups" requiresAuthorization="true"
-        description="API representation of the SCIM2 Groups API">
+                 description="API representation of the SCIM2 Groups API">
         <Scopes>
             <Scope displayName="View Group Management" name="internal_group_mgt_view" />
             <Scope displayName="Create Group Management" name="internal_group_mgt_create" />
@@ -602,43 +602,42 @@
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Groups API" identifier="/o/scim2/Groups"
-        requiresAuthorization="true"
-        description="API representation of the SCIM2 Groups API" type="SYSTEM_ORG">
+                 requiresAuthorization="true"
+                 description="API representation of the SCIM2 Groups API" type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Organization Group Management"
-                name="internal_org_group_mgt_view" />
+                   name="internal_org_group_mgt_view" />
             <Scope displayName="Create Group Management"
-                name="internal_org_group_mgt_create" />
+                   name="internal_org_group_mgt_create" />
             <Scope displayName="Update Group Management"
-                name="internal_org_group_mgt_update" />
+                   name="internal_org_group_mgt_update" />
             <Scope displayName="Delete Group Management"
-                name="internal_org_group_mgt_delete" />
+                   name="internal_org_group_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Users API" identifier="/scim2/Users" requiresAuthorization="true"
-        description="API representation of the SCIM2 Users API">
+                 description="API representation of the SCIM2 Users API">
         <Scopes>
-            <Scope displayName="List User Management" name="internal_user_mgt_list" />
-            <Scope displayName="Create User Management" name="internal_user_mgt_create" />
-            <Scope displayName="Update User Management" name="internal_user_mgt_update" />
-            <Scope displayName="Delete User Management" name="internal_user_mgt_delete" />
+            <Scope displayName="View User" name="internal_user_mgt_view" />
+            <Scope displayName="List Users" name="internal_user_mgt_list" />
+            <Scope displayName="Create User" name="internal_user_mgt_create" />
+            <Scope displayName="Update User" name="internal_user_mgt_update" />
+            <Scope displayName="Delete User" name="internal_user_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Users API" identifier="/o/scim2/Users"
-        requiresAuthorization="true"
-        description="API representation of the SCIM2 Users API" type="SYSTEM_ORG">
+                 requiresAuthorization="true"
+                 description="API representation of the SCIM2 Users API" type="SYSTEM_ORG">
         <Scopes>
-            <Scope displayName="List Organization User Management" name="internal_org_user_mgt_list" />
-            <Scope displayName="Create User Management"
-                name="internal_org_user_mgt_create" />
-            <Scope displayName="Update User Management"
-                name="internal_org_user_mgt_update" />
-            <Scope displayName="Delete User Management"
-                name="internal_org_user_mgt_delete" />
+            <Scope displayName="View User" name="internal_org_user_mgt_view" />
+            <Scope displayName="List User" name="internal_org_user_mgt_list" />
+            <Scope displayName="Create User" name="internal_org_user_mgt_create" />
+            <Scope displayName="Update User" name="internal_org_user_mgt_update" />
+            <Scope displayName="Delete User" name="internal_org_user_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Roles API" identifier="/scim2/Roles" requiresAuthorization="true"
-        description="API representation of the SCIM2 Roles API">
+                 description="API representation of the SCIM2 Roles API">
         <Scopes>
             <Scope displayName="View Role Management" name="internal_role_mgt_view" />
             <Scope displayName="Create Role Management" name="internal_role_mgt_create" />
@@ -647,20 +646,20 @@
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Roles API" identifier="/o/scim2/Roles"
-        requiresAuthorization="true"
-        description="API representation of the SCIM2 Roles API" type="SYSTEM_ORG">
+                 requiresAuthorization="true"
+                 description="API representation of the SCIM2 Roles API" type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Organization Role Management" name="internal_org_role_mgt_view" />
             <Scope displayName="Create Role Management"
-                name="internal_org_role_mgt_create" />
+                   name="internal_org_role_mgt_create" />
             <Scope displayName="Update Role Management"
-                name="internal_org_role_mgt_update" />
+                   name="internal_org_role_mgt_update" />
             <Scope displayName="Delete Role Management"
-                name="internal_org_role_mgt_delete" />
+                   name="internal_org_role_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Bulk API" identifier="/scim2/Bulk" requiresAuthorization="true"
-        description="API representation of the SCIM2 Bulk API">
+                 description="API representation of the SCIM2 Bulk API">
         <Scopes>
             <Scope displayName="Create Bulk User Management" name="internal_bulk_user_mgt_create" />
             <Scope displayName="View Bulk User Management" name="internal_bulk_user_mgt_view" />
@@ -669,21 +668,21 @@
         </Scopes>
     </APIResource>
     <APIResource name="SCIM2 Bulk API" identifier="/o/scim2/Bulk"
-        requiresAuthorization="true"
-        description="API representation of the SCIM2 Bulk API" type="SYSTEM_ORG">
+                 requiresAuthorization="true"
+                 description="API representation of the SCIM2 Bulk API" type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="Create Bulk User Management"
-                name="internal_org_bulk_user_mgt_create" />
+                   name="internal_org_bulk_user_mgt_create" />
             <Scope displayName="View Bulk User Management"
-                name="internal_org_bulk_user_mgt_view" />
+                   name="internal_org_bulk_user_mgt_view" />
             <Scope displayName="Update Bulk User Management"
-                name="internal_org_bulk_user_mgt_update" />
+                   name="internal_org_bulk_user_mgt_update" />
             <Scope displayName="Delete Bulk User Management"
-                name="internal_org_bulk_user_mgt_delete" />
+                   name="internal_org_bulk_user_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Code Management API" identifier="/api/identity/user/v1.0/(.*)-code"
-        requiresAuthorization="true" description="API representation of the Code Management API">
+                 requiresAuthorization="true" description="API representation of the Code Management API">
         <Scopes>
             <Scope displayName="View Code Management" name="internal_code_mgt_view" />
             <Scope displayName="Create Code Management" name="internal_code_mgt_create" />
@@ -692,16 +691,16 @@
         </Scopes>
     </APIResource>
     <APIResource name="User Personal Identification API"
-        identifier="/api/identity/user/v1.0/pi-info" requiresAuthorization="true"
-        description="API representation of the User Personal Identification API">
+                 identifier="/api/identity/user/v1.0/pi-info" requiresAuthorization="true"
+                 description="API representation of the User Personal Identification API">
         <Scopes>
             <Scope displayName="View Personal Identification Information"
-                name="internal_pi_info_view" />
+                   name="internal_pi_info_view" />
         </Scopes>
     </APIResource>
     <APIResource name="Configuration Management API" identifier="/api/identity/config-mgt/v1.0"
-        requiresAuthorization="true"
-        description="API representation of the Configuration Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Configuration Management API">
         <Scopes>
             <Scope displayName="List Configuration Management" name="internal_config_mgt_list" />
             <Scope displayName="View Configuration Management" name="internal_config_mgt_view" />
@@ -711,25 +710,25 @@
         </Scopes>
     </APIResource>
     <APIResource name="Consent Management API" identifier="/api/identity/consent-mgt/v1.0/consents"
-        requiresAuthorization="true" description="API representation of the Consent Management API">
+                 requiresAuthorization="true" description="API representation of the Consent Management API">
         <Scopes>
             <Scope displayName="Add Consent Management" name="internal_consent_mgt_add" />
             <Scope displayName="Delete Consent Management" name="internal_consent_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Consent Management API"
-        identifier="/o/api/identity/consent-mgt/v1.0/consents" requiresAuthorization="true"
-        description="API representation of the Consent Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/identity/consent-mgt/v1.0/consents" requiresAuthorization="true"
+                 description="API representation of the Consent Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="Add Consent Management"
-                name="internal_org_consent_mgt_add" />
+                   name="internal_org_consent_mgt_add" />
             <Scope displayName="Delete Consent Management"
-                name="internal_org_consent_mgt_delete" />
+                   name="internal_org_consent_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Identity Recovery API" identifier="/api/identity/recovery"
-        requiresAuthorization="true" description="API representation of the Identity Recovery API">
+                 requiresAuthorization="true" description="API representation of the Identity Recovery API">
         <Scopes>
             <Scope displayName="View Recovery" name="internal_recovery_view" />
             <Scope displayName="Create Recovery" name="internal_recvoery_create" />
@@ -738,9 +737,9 @@
         </Scopes>
     </APIResource>
     <APIResource name="Identity Recovery API" identifier="/o/api/identity/recovery"
-        requiresAuthorization="true"
-        description="API representation of the Identity Recovery API"
-        type="SYSTEM_ORG">
+                 requiresAuthorization="true"
+                 description="API representation of the Identity Recovery API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Recovery" name="internal_org_recovery_view" />
             <Scope displayName="Create Recovery" name="internal_org_recvoery_create" />
@@ -749,8 +748,8 @@
         </Scopes>
     </APIResource>
     <APIResource name="OAuth DCR API" identifier="/api/identity/oauth2/dcr/v1.1/register"
-        requiresAuthorization="true"
-        description="API representation of the OAuth DCR (Dynamic Client Registration) API">
+                 requiresAuthorization="true"
+                 description="API representation of the OAuth DCR (Dynamic Client Registration) API">
         <Scopes>
             <Scope displayName="View DCR" name="internal_dcr_view" />
             <Scope displayName="Create DCR" name="internal_dcr_create" />
@@ -759,8 +758,8 @@
         </Scopes>
     </APIResource>
     <APIResource name="OAuth2.0 Scope Management API" identifier="/api/identity/oauth2/v1.0/scopes"
-        requiresAuthorization="true"
-        description="API representation of the OAuth2.0 Scope Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the OAuth2.0 Scope Management API">
         <Scopes>
             <Scope displayName="View OAuth Scope" name="internal_oauth_scope_view" />
             <Scope displayName="Create OAuth Scope" name="internal_oauth_scope_create" />
@@ -769,8 +768,8 @@
         </Scopes>
     </APIResource>
     <APIResource name="Email Template Management API"
-        identifier="/api/server/v1/email/template-types" requiresAuthorization="true"
-        description="API representation of the Email Template Management API">
+                 identifier="/api/server/v1/email/template-types" requiresAuthorization="true"
+                 description="API representation of the Email Template Management API">
         <Scopes>
             <Scope displayName="View Email Template Management" name="internal_email_mgt_view" />
             <Scope displayName="Create Email Template Management" name="internal_email_mgt_create" />
@@ -779,29 +778,29 @@
         </Scopes>
     </APIResource>
     <APIResource name="Email Template Management API"
-        identifier="/o/api/server/v1/email/template-types" requiresAuthorization="true"
-        description="API representation of the Email Template Management API"
-        type="SYSTEM_ORG">
+                 identifier="/o/api/server/v1/email/template-types" requiresAuthorization="true"
+                 description="API representation of the Email Template Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="View Email Template Management"
-                name="internal_org_email_mgt_view" />
+                   name="internal_org_email_mgt_view" />
             <Scope displayName="Create Email Template Management"
-                name="internal_org_email_mgt_create" />
+                   name="internal_org_email_mgt_create" />
             <Scope displayName="Update Email Template Management"
-                name="internal_org_email_mgt_update" />
+                   name="internal_org_email_mgt_update" />
             <Scope displayName="Delete Email Template Management"
-                name="internal_org_email_mgt_delete" />
+                   name="internal_org_email_mgt_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="Entitlement Management API" identifier="/api/identity/entitlement/"
-        requiresAuthorization="true"
-        description="API representation of the Entitlement Management API">
+                 requiresAuthorization="true"
+                 description="API representation of the Entitlement Management API">
         <Scopes>
             <Scope displayName="Manage PEP (Policy Enforcement Point)" name="internal_manage_pep" />
         </Scopes>
     </APIResource>
     <APIResource name="Media Management API" identifier="/api/identity/media/v1.0/user/"
-        requiresAuthorization="true" description="API representation of the Media Management API">
+                 requiresAuthorization="true" description="API representation of the Media Management API">
         <Scopes>
             <Scope displayName="Create Media Management" name="internal_media_mgt_create" />
             <Scope displayName="View Media Management" name="internal_media_mgt_view" />
@@ -829,37 +828,110 @@
         </Scopes>
     </APIResource>
     <APIResource name="OAuth2 Introspection API" identifier="/oauth2/introspect"
-        requiresAuthorization="true"
-        description="API representation of the OAuth2 Introspection API">
+                 requiresAuthorization="true"
+                 description="API representation of the OAuth2 Introspection API">
         <Scopes>
             <Scope displayName="OAuth2 Introspection" name="internal_oauth2_introspect" />
         </Scopes>
     </APIResource>
     <APIResource name="Identity Register API" identifier="/identity/register"
-        requiresAuthorization="true" description="API representation of the Identity Register API">
+                 requiresAuthorization="true" description="API representation of the Identity Register API">
         <Scopes>
             <Scope displayName="Create Identity Register" name="internal_register_create" />
             <Scope displayName="Delete Identity Register" name="internal_register_delete" />
         </Scopes>
     </APIResource>
     <APIResource name="User Management API" identifier="/api/identity/user/v1.0"
-        requiresAuthorization="true" description="API representation of the User Management API">
+                 requiresAuthorization="true" description="API representation of the User Management API">
         <Scopes>
             <Scope displayName="Update User" name="internal_user_update" />
         </Scopes>
     </APIResource>
     <APIResource name="User Management API" identifier="/o/api/identity/user/v1.0"
-        requiresAuthorization="true"
-        description="API representation of the User Management API"
-        type="SYSTEM_ORG">
+                 requiresAuthorization="true"
+                 description="API representation of the User Management API"
+                 type="SYSTEM_ORG">
         <Scopes>
             <Scope displayName="Update User" name="internal_org_user_update" />
         </Scopes>
     </APIResource>
-    <APIResource name="Me API" identifier="/me/" requiresAuthorization="true"
-        description="API representation of the Me API">
+    <APIResource name="Event Configuration API" identifier="/api/event-configurations/v1/events"
+                 requiresAuthorization="true"
+                 description="API representation of the Event Configuration API"
+                 type="SYSTEM">
+        <Scopes>
+            <Scope displayName="View Event Configuration" name="internal_event_config_view" />
+            <Scope displayName="Update Event Configuration" name="internal_event_config_update" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Me API" identifier="/me/" requiresAuthorization="false"
+                 description="API representation of the Me API">
         <Scopes>
             <Scope displayName="User Login" name="internal_login" />
         </Scopes>
     </APIResource>
+    <APIResource name="Application Management Feature" identifier="console:applications"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Application Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Application Feature" name="console:applications" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Attribute Management Feature" identifier="console:attributes"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Attribute Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Attribute Feature" name="console:attributes" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Group Management Feature" identifier="console:groups"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Group Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Group Feature" name="console:groups" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Identity Provider Management Feature" identifier="console:idps"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Identity Provider Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Identity Provider Feature" name="console:idps" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="OIDC Scope Management Feature" identifier="console:scopes:oidc"
+                 requiresAuthorization="true"
+                 description="Resource representation of the OIDC Scope Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="OIDC Scope Feature" name="console:scopes:oidc" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Organization Management Feature" identifier="console:organizations"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Organization Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Organization Feature" name="console:organizations" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Role Management Feature" identifier="console:roles"
+                 requiresAuthorization="true"
+                 description="Resource representation of the Role Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="Role Feature" name="console:roles" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="User Management Feature" identifier="console:users"
+                 requiresAuthorization="true"
+                 description="Resource representation of the User Management Feature"
+                 type="SYSTEM_FEATURE">
+        <Scopes>
+            <Scope displayName="User Feature" name="console:users" />
+        </Scopes>
+    </APIResource>
 </APIResources>