astm-utm / Protocol

ASTM UTM Protocol (API and sequence diagrams)
Investigate multiple scope specification #39

Closed BenjaminPelletier closed 3 years ago

BenjaminPelletier commented 4 years ago

Currently, we map "roles" in the standard to "scopes" of authorization. The result is that sometimes it is appropriate for more than one role to be able to access an endpoint (for instance, making reports to the DSS). Currently, we list multiple scopes for these endpoints; however, this may be unintentionally requiring all listed scopes per OpenAPI 3.0. We may need to change from, e.g.:

```yaml
security:
  - Authority:
      - utm.constraint_management
      - utm.constraint_consumption
      - utm.strategic_coordination
```

to

```yaml
security:
  - Authority:
      - utm.constraint_management
  - Authority:
      - utm.constraint_consumption
  - Authority:
      - utm.strategic_coordination
```
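
The difference between the two forms above, as an added example that is not part of the original issue or the project's code: a small evaluator for an OpenAPI 3.0 `security` list, where scopes inside one Security Requirement Object are all required and the entries of the list are alternatives. The function names and the sample token scopes are constructed for illustration.

```python
# Added example (not the project's code): evaluate an OpenAPI 3.0 `security`
# list against the scopes a caller's access token actually carries.

def requirement_satisfied(requirement, granted):
    """One Security Requirement Object, {scheme: [scopes]}.
    Every scheme must be presented and every listed scope granted (AND).
    An empty object {} is satisfied by anyone (anonymous access)."""
    return all(
        scheme in granted and set(scopes) <= granted[scheme]
        for scheme, scopes in requirement.items()
    )

def authorized(security, granted):
    """A `security` list: satisfying any one entry is enough (OR).
    An empty list means the operation declares no security requirement."""
    if not security:
        return True
    return any(requirement_satisfied(req, granted) for req in security)

# The two forms from the issue, written as the parsed YAML would look.
COMBINED = [{"Authority": [
    "utm.constraint_management",
    "utm.constraint_consumption",
    "utm.strategic_coordination",
]}]
SEPARATE = [
    {"Authority": ["utm.constraint_management"]},
    {"Authority": ["utm.constraint_consumption"]},
    {"Authority": ["utm.strategic_coordination"]},
]

# Constructed sample tokens: scheme name -> set of granted scopes.
SINGLE_ROLE = {"Authority": {"utm.strategic_coordination"}}
ALL_ROLES = {"Authority": set(COMBINED[0]["Authority"])}
UNRELATED = {"Authority": {"example.unrelated_scope"}}  # hypothetical scope

def compare(granted):
    """Return (combined_form_result, separate_form_result) for one token."""
    return authorized(COMBINED, granted), authorized(SEPARATE, granted)

if __name__ == "__main__":
    for name, token in [("single role", SINGLE_ROLE),
                        ("all roles", ALL_ROLES),
                        ("unrelated scope", UNRELATED)]:
        print(name, compare(token))
```

A token holding a single role passes only the second form, so a server or generated middleware that enforces the specification literally would reject single-role callers under the first form.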