Hi
@nice-article-27102 and welcome to the Flyte community.
I think what you mean here is more in the field of Role Based Access Control (RBAC) and the associated roles and privileges a user/group could enact after a successful authentication flow. If that's the case, that's not currently offered in OSS Flyte but on the managed service.
The `scopes`that can be configured in an IdP (Keycloak in this case) are
Open ID scopes and they refer to what portions of the user's data can be accessed by the client application. So, for example, the
email
scope would give the client app access to the users' email address.