---
title: Manage scopes
description: Identity Governance allows you to centrally manage end-user access to resources across your company using scopes. Administrators can create and manage filtering rules to ensure users have access to only the resource required.
component: pingoneaic
page_id: pingoneaic:identity-governance:administration/scopes
canonical_url: https://docs.pingidentity.com/pingoneaic/identity-governance/administration/scopes.html
keywords: ["scopes", "manage scopes", "filter access", "resource access", "segregation of duties"]
section_ids:
  view-scopes: View scopes
  add-scopes: Add scopes
  edit-scopes: Edit scopes
---

# Manage scopes

Identity Governance allows you to centrally manage end-user access to resources across your company using *scopes*. Administrators can create and manage filtering rules to ensure users have access to only the resource required.

## View scopes

* In the Advanced Identity Cloud admin console, click Governance > Scopes. The page appears with a list of scopes. If no scopes are present, the page displays a [icon: add, set=material, size=inline] New Scopes button.

  ![Identity Governance scopes.](../_images/governance-scopes.png)

  * 1 Click the [icon: add, set=material, size=inline] New Policy button to add a new policy.

  * 2 Search scopes: Search by scope name, status, or description (case-insensitive).

  * 3 Name: Name of the policy. This is a required field.

  * 4 Status: Current status of the scope, either `Inactive` and `Active`. You can sort the list in ascending or descending order by clicking the up or down triangles.

  * 5 Ellipsis ([icon: more_horiz, set=material, size=inline]): Click to edit, deactivate (if active) or activate (if inactive), or delete the scope.

## Add scopes

1. In the Advanced Identity Cloud admin console, click Governance > Scopes.

2. Click the [icon: add, set=material, size=inline] New Scopes.

3. On the New Scope Details page, enter the scope details, and then click Next:

   | Field                  | Description                                                                            |
   | ---------------------- | -------------------------------------------------------------------------------------- |
   | Name                   | Enter a name for your scope. Follow any naming convention established by your company. |
   | Description (optional) | Enter a general description for the new scope.                                         |

4. On the New Scope Applies to page, do the following:

   1. Use the filter to define which users should have this scope. Select or enter the properties, and then click [icon: add, set=material, size=inline] to add the filter.

      | Field                                                     | Description                                                                               |
      | --------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
      | Select entitlements if `Any` or `All` conditions are met. | Select either Any or All.                                                                 |
      | Select a property                                         | Select any custom or out-of-the-box user attribute.                                       |
      | Operator                                                  | Values include:- contains

      - does not contain

      - is

      - is not

      - starts with

      - ends with |
      | Attribute Value                                           | Enter an attribute.                                                                       |

   2. Click Next to continue.

5. On the New Scope Access page, select the applications, entitlements, or roles resources that users can access:

   | Field        | Description                                                                                                                             |
   | ------------ | --------------------------------------------------------------------------------------------------------------------------------------- |
   | Applications | Select one of the following:- All Applications

   - Applications matching a filter. The page displays a filter to match the applications. |
   | Entitlements | Select one of the following:- All Entitlements

   - Entitlements matching a filter. The page displays a filter to match the entitlements. |
   | Roles        | Select one of the following:- All Roles

   - Roles matching a filter. The page displays a filter to match the roles.                      |

   1. Click Save. The Scopes page displays the new scope.

## Edit scopes

1. In the Advanced Identity Cloud admin console, click Governance > Scopes.

2. On the Scopes page, click the ellipsis ([icon: more_horiz, set=material, size=inline]) for a policy, and then click Edit to change any aspect of a scope.

   1. Click Save to keep your changes.

   2. Click Deactivate to disable the scope, or click Activate to enable the scope for use.

   3. Click Remove to remove the rule from the policy.