Esto te permitiría tener un sistema de permisos más detallado, siguiendo el estándar de OAuth2, integrado en tu aplicación OpenAPI (y la documentación de la API).

OAuth2 con scopes es el mecanismo usado por muchos grandes proveedores de autenticación, como Facebook, Google, GitHub, Microsoft, X (Twitter), etc. Lo usan para proporcionar permisos específicos a usuarios y aplicaciones.

  xml.namespace="http://maven.apache.org/PARAMDOC/${version}"
  xml.schemaLocation="http://maven.apache.org/xsd/paramdoc-${version}.xsd">
  <id>paramdoc</id>
  <name>Paramdoc</name>
  <description><![CDATA[Documentation on parameter expressions supported by Maven for use in plugins.]]></description>
  <defaults>
    <default>
      <key>package</key>
      <value>org.apache.maven.usability.plugin</value>
    </default>
  </defaults>

# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

 * Google-internal Android suite generators. Note that those generators also suppress any test
 * annotated with LargeTest.
 *
 * <p>For more discussion, see {@linkplain com.google.common.base.AndroidIncompatible the
 * documentation on another copy of this annotation}.
 */
@Retention(CLASS)
@Target({ANNOTATION_TYPE, CONSTRUCTOR, FIELD, METHOD, TYPE})
@GwtCompatible

 * Google-internal Android suite generators. Note that those generators also suppress any test
 * annotated with LargeTest.
 *
 * <p>For more discussion, see {@linkplain com.google.common.base.AndroidIncompatible the
 * documentation on another copy of this annotation}.
 */
@Retention(CLASS)
@Target({ANNOTATION_TYPE, CONSTRUCTOR, FIELD, METHOD, TYPE})
@GwtCompatible

 * Google-internal Android suite generators. Note that those generators also suppress any test
 * annotated with LargeTest.
 *
 * <p>For more discussion, see {@linkplain com.google.common.base.AndroidIncompatible the
 * documentation on another copy of this annotation}.
 */
@Retention(CLASS)
@Target({ANNOTATION_TYPE, CONSTRUCTOR, FIELD, METHOD, TYPE})
@GwtCompatible

 * Google-internal Android suite generators. Note that those generators also suppress any test
 * annotated with LargeTest.
 *
 * <p>For more discussion, see {@linkplain com.google.common.base.AndroidIncompatible the
 * documentation on another copy of this annotation}.
 */
@Retention(CLASS)
@Target({ANNOTATION_TYPE, CONSTRUCTOR, FIELD, METHOD, TYPE})
@GwtCompatible

 * Google-internal Android suite generators. Note that those generators also suppress any test
 * annotated with LargeTest.
 *
 * <p>For more discussion, see {@linkplain com.google.common.base.AndroidIncompatible the
 * documentation on another copy of this annotation}.
 */
@Retention(CLASS)
@Target({ANNOTATION_TYPE, CONSTRUCTOR, FIELD, METHOD, TYPE})
@GwtCompatible

      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.