> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev.auth0-mintlify.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a password change ticket

> Create a password change ticket for a given user. A password change ticket is a generated URL that the user can consume to start a reset password flow.

Note: This endpoint does not verify the given user’s identity. If you call this endpoint within your application, you must design your application to verify the user’s identity.


export const Scopes = ({scopes = []}) => {
  return <div>
      <div class="api-section-heading flex flex-col gap-y-4 w-full">
        <div class="flex items-baseline border-b pb-2.5 border-gray-100 dark:border-gray-800 w-full">
          <h4 class="api-section-heading-title flex-1 mb-0">Scopes</h4>
          <div class="flex items-center"></div>
        </div>
      </div>
      <div class="mt-4">
        <div class="space-y-4 whitespace-normal prose prose-sm prose-gray dark:prose-invert overflow-wrap-anywhere [&_*]:overflow-wrap-anywhere">
          <p class="whitespace-pre-line text-xs">
            {"Scopes define permissions and access levels for API requests and authentication tokens."}
          </p>
        </div>
      </div>
      <div class="flex font-mono text-sm group/param-head param-head break-all relative mt-6" id="scopes-scopes">
        <div class="flex-1 flex flex-col content-start py-0.5 mr-5">
          <div class="flex items-center flex-wrap gap-2">
            <div class="absolute -top-1.5">
              <a href="#scopes-scopes" class="-ml-10 flex items-center opacity-0 border-0 group-hover/param-head:opacity-100 focus:opacity-100 focus:outline-0 py-2 [.expandable-content_&]:-ml-[2.1rem] group/link" aria-label="Navigate to header">
                ​
                <div class="w-6 h-6 rounded-md flex items-center justify-center shadow-sm text-gray-400 dark:text-white/50 dark:bg-background-dark dark:brightness-[1.35] dark:ring-1 dark:hover:brightness-150 bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20 group-focus/link:border-2 group-focus/link:border-primary dark:group-focus/link:border-primary-light">
                  <svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512">
                    <path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path>
                  </svg>
                </div>
              </a>
            </div>
            {scopes.map((scope, index) => {
    return <span class="flex items-center px-2 py-0.5 rounded-md bg-gray-100/50 dark:bg-white/5 text-gray-600 dark:text-gray-200 font-medium break-all" style={{
      lineHeight: "1rem",
      fontSize: "0.75rem",
      fontFamily: 'var(--font-jetbrains-mono), ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace'
    }} data-component-part="field-info-pill" key={index}>
                  {scope}
                </span>;
  })}
          </div>
        </div>
      </div>
    </div>;
};

export const ApiReleaseLifecycle = ({releaseLifecycle = 'GA'}) => {
  const lifecycleMap = {
    ea: 'Early Access',
    ga: 'Generally Available',
    deprecated: 'Deprecated',
    planned: 'Planned',
    beta: 'Beta'
  };
  const LIFECYCLE_THEMES = {
    info: {
      light: {
        bg: 'lab(91.896% .077188 -6.94053)',
        text: 'lab(36.091% 25.9241 -68.0384)'
      },
      dark: {
        bg: 'lab(16.0426% 6.71726 -27.2409)',
        text: 'lab(72.6029% 4.08953 -41.9669)'
      }
    },
    secondary: {
      light: {
        bg: 'lab(90.8548% 11.3355 8.01476)',
        text: 'lab(47.5286% 56.4238 43.4706)'
      },
      dark: {
        bg: 'lab(16.3609% 37.191 25.6346)',
        text: 'lab(71.881% 41.5 29.4839)'
      }
    },
    danger: {
      light: {
        bg: 'lab(94.7916% -.0000298023 0)',
        text: 'lab(54.3656% 0 -.0000119209)'
      },
      dark: {
        bg: 'lab(13.232% 0 0)',
        text: 'lab(51.6164% 0 0)'
      }
    }
  };
  const LIFECYCLE_THEME_MAP = {
    ea: 'info',
    ga: 'info',
    beta: 'info',
    deprecated: 'secondary',
    planned: 'danger'
  };
  const lifecycle = releaseLifecycle.toLocaleLowerCase();
  const lifecycleText = lifecycleMap[lifecycle];
  if (!lifecycleText) {
    return null;
  }
  const theme = LIFECYCLE_THEMES[LIFECYCLE_THEME_MAP[lifecycle]];
  return <div>
      <div className="api-section-heading flex flex-col gap-y-4 w-full">
        <div className="flex items-baseline border-b pb-2.5 border-gray-100 dark:border-gray-800 w-full">
          <h4 className="api-section-heading-title flex-1 mb-0">
            Release Lifecycle
          </h4>
        </div>
      </div>
      <div className="flex font-mono text-sm group/param-head param-head break-all relative mt-2.5" id="releaselifecycle-lifecycle">
        <div className="flex-1 flex flex-col content-start py-0.5 mr-5">
          <div className="flex items-center flex-wrap gap-2">
            <div className="absolute -top-1.5">
              <a href="#releaselifecycle-lifecycle" className="-ml-10 flex items-center opacity-0 border-0 group-hover/param-head:opacity-100 focus:opacity-100 focus:outline-0 py-2 [.expandable-content_&]:-ml-[2.1rem] group/link" aria-label="Navigate to header">
                <div className="w-6 h-6 rounded-md flex items-center justify-center shadow-sm text-gray-400 dark:text-white/50 dark:bg-background-dark dark:brightness-[1.35] dark:ring-1 dark:hover:brightness-150 bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20 group-focus/link:border-2 group-focus/link:border-primary dark:group-focus/link:border-primary-light">
                  <svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512">
                    <path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path>
                  </svg>
                </div>
              </a>
            </div>
            <span className="inline-flex items-center w-fit font-medium gap-1 py-0.5 px-2 rounded-md" style={{
    lineHeight: '1rem',
    fontSize: '0.75rem',
    fontFamily: 'var(--font-jetbrains-mono), ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace',
    backgroundColor: `light-dark(${theme.light.bg}, ${theme.dark.bg})`,
    color: `light-dark(${theme.light.text}, ${theme.dark.text})`,
    borderColor: `light-dark(color-mix(in oklab, ${theme.light.text} 25%, transparent), color-mix(in oklab, ${theme.dark.text} 25%, transparent))`
  }}>
              {lifecycleText}
            </span>
          </div>
        </div>
      </div>
    </div>;
};

<ApiReleaseLifecycle releaseLifecycle="GA" />

<Scopes scopes={["create:user_tickets"]} />


## OpenAPI

````yaml management-api-oas post /tickets/password-change
openapi: 3.1.0
info:
  title: Auth0 Management API
  description: Auth0 Management API v2.
  termsOfService: https://auth0.com/web-terms/
  contact:
    name: Auth0 Support
    url: https://support.auth0.com
  version: '2.0'
servers:
  - url: https://{tenantDomain}/api/v2
    variables:
      tenantDomain:
        default: '{TENANT}.auth0.com'
        description: Auth0 Tenant Domain
security:
  - bearerAuth: []
externalDocs:
  description: Auth0 Management API Documentation
  url: https://auth0.com/docs/api/management/v2/
paths:
  /tickets/password-change:
    post:
      tags:
        - tickets
      summary: Create a password change ticket
      description: >
        Create a password change ticket for a given user. A password change
        ticket is a generated URL that the user can consume to start a reset
        password flow.


        Note: This endpoint does not verify the given user’s identity. If you
        call this endpoint within your application, you must design your
        application to verify the user’s identity.
      operationId: post_password-change
      parameters:
        - name: auth0-custom-domain
          in: header
          description: Custom domain to be used for this request
          schema:
            type: string
            minLength: 3
            maxLength: 255
          x-sdk-ignore: true
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ChangePasswordTicketRequestContent'
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/ChangePasswordTicketRequestContent'
      responses:
        '201':
          description: Ticket successfully created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ChangePasswordTicketResponseContent'
        '400':
          description: Invalid request body. The message will vary depending on the cause.
          x-description-1: The user does not have an email address.
          x-description-2: The user's main connection does not support this operation.
          x-description-3: An error ocurred in Auth0's identity provider.
          x-description-4: The connection with id {connection_id} does not exist.
          x-description-5: Identity connection does not exist.
          x-description-6: The user exists, but does not contain the given identity.
          x-description-7: The client does not exist
          x-description-8: The organization does not exist
          x-description-9: >-
            The user with id {user_id} is not a member of organization with id
            {organization_id}.
        '401':
          description: Invalid token.
          x-description-1: Client is not global.
          x-description-2: Invalid signature received for JSON Web Token validation.
        '403':
          description: User to be acted on does not match subject in bearer token.
          x-description-1: 'Insufficient scope; expected any of: create:user_tickets.'
        '404':
          description: User not found.
        '429':
          description: >-
            Too many requests. Check the X-RateLimit-Limit,
            X-RateLimit-Remaining and X-RateLimit-Reset headers.
      security:
        - bearerAuth: []
        - oAuth2ClientCredentials:
            - create:user_tickets
      x-codeSamples:
        - lang: go
          label: Create a password change ticket
          source: |
            package example

            import (
                context "context"

                management "github.com/auth0/go-auth0/management/management"
                client "github.com/auth0/go-auth0/management/management/client"
                option "github.com/auth0/go-auth0/management/management/option"
            )

            func do() {
                client := client.NewClient(
                    option.WithToken(
                        "<token>",
                    ),
                )
                request := &management.ChangePasswordTicketRequestContent{}
                client.Tickets.ChangePassword(
                    context.TODO(),
                    request,
                )
            }
        - lang: typescript
          label: Create a password change ticket
          source: |
            import { ManagementClient } from "auth0";

            async function main() {
                const client = new ManagementClient({
                    token: "<token>",
                });
                await client.tickets.changePassword({});
            }
            main();
        - lang: javascript
          label: Create a password change ticket
          source: |
            import { ManagementClient } from "auth0";

            async function main() {
                const client = new ManagementClient({
                    token: "<token>",
                });
                await client.tickets.changePassword({});
            }
            main();
components:
  schemas:
    ChangePasswordTicketRequestContent:
      type: object
      additionalProperties: false
      properties:
        result_url:
          type: string
          description: >-
            URL the user will be redirected to in the classic Universal Login
            experience once the ticket is used. Cannot be specified when using
            organization_id. May be specified together with client_id when the
            tenant has a custom password reset page enabled and a
            password-reset-post-challenge Action bound.
          default: http://myapp.com/callback
          format: url
        user_id:
          type: string
          description: user_id of for whom the ticket should be created.
          format: user-id
        client_id:
          type: string
          description: >-
            ID of the client (application). If provided for tenants using the
            New Universal Login experience, the email template and UI displays
            application details, and the user is prompted to redirect to the
            application's <a target=''
            href='https://auth0.com/docs/authenticate/login/auth0-universal-login/configure-default-login-routes#completing-the-password-reset-flow'>default
            login route</a> after the ticket is used. client_id is required to
            use the <a target=''
            href='https://auth0.com/docs/customize/actions/flows-and-triggers/post-change-password-flow'>Password
            Reset Post Challenge</a> trigger.
          default: DaM8bokEXBWrTUFCiJjWn50jei6ardyX
          format: client-id
        organization_id:
          type: string
          description: >-
            (Optional) Organization ID – the ID of the Organization. If
            provided, organization parameters will be made available to the
            email template and organization branding will be applied to the
            prompt. In addition, the redirect link in the prompt will include
            organization_id and organization_name query string parameters.
          default: org_2eondWoxcMIpaLQc
          format: organization-id
        connection_id:
          type: string
          description: >-
            ID of the connection. If provided, allows the user to be specified
            using email instead of user_id. If you set this value, you must also
            send the email parameter. You cannot send user_id when specifying a
            connection_id.
          default: con_0000000000000001
          pattern: ^con_[A-Za-z0-9]{16}$
        email:
          type: string
          description: >-
            Email address of the user for whom the tickets should be created.
            Requires the connection_id parameter. Cannot be specified when using
            user_id.
          format: email
        ttl_sec:
          type: integer
          description: >-
            Number of seconds for which the ticket is valid before expiration.
            If unspecified or set to 0, this value defaults to 432000 seconds (5
            days).
          minimum: 0
        mark_email_as_verified:
          type: boolean
          description: >-
            Whether to set the email_verified attribute to true (true) or
            whether it should not be updated (false).
          default: false
        includeEmailInRedirect:
          type: boolean
          description: >-
            Whether to include the email address as part of the returnUrl in the
            reset_email (true), or not (false).
        identity:
          $ref: '#/components/schemas/ChangePasswordTicketIdentity'
          x-release-lifecycle: EA
    ChangePasswordTicketResponseContent:
      type: object
      additionalProperties: true
      required:
        - ticket
      properties:
        ticket:
          type: string
          description: URL representing the ticket.
          default: >-
            https://login.auth0.com/lo/reset?client_id=nsaPS2p3cargoFy82WT7betaOPOt3qSh&tenant=mdocs&bewit=bmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPdDNxU2hcMTQzMDY2MjE4MVxuRTcxM0RSeUNlbEpzUUJmaFVaS3A1NEdJbWFzSUZMYzRTdEFtY2NMMXhZPVx7ImVtYWloojoiZGFtaWtww2NoQGhvdG1haWwuY29tIiwidGVuYW50IjoiZHNjaGVua2tjwWFuIiwiY2xpZW50X2lkIjoibmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPiiqxU2giLCJjb25uZWN0aW9uIjoiRGFtaWmsdiwicmVzdWx0VXJsIjoiIn0
          format: url
    ChangePasswordTicketIdentity:
      type: object
      description: >-
        The user's identity. If you set this value, you must also send the
        user_id parameter.
      additionalProperties: false
      required:
        - user_id
        - provider
      x-release-lifecycle: EA
      properties:
        user_id:
          type: string
          description: user_id of the identity.
          default: 5457edea1b8f22891a000004
        provider:
          $ref: '#/components/schemas/IdentityProviderOnlyAuth0Enum'
        connection_id:
          type: string
          description: connection_id of the identity.
          pattern: ^con_[A-Za-z0-9]{16}$
    IdentityProviderOnlyAuth0Enum:
      type: string
      description: Identity provider name of the identity. Only `auth0` is supported
      default: auth0
      enum:
        - auth0
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: jwt
    oAuth2ClientCredentials:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: /oauth/token/
          x-form-parameters:
            audience: /api/v2/
          scopes:
            create:actions: Create Actions
            read:actions: Read Actions
            update:actions: Update Actions
            delete:actions: Delete Actions
            read:anomaly_blocks: Read Anomaly Blocks
            delete:anomaly_blocks: Delete Anomaly Blocks
            read:attack_protection: Read Attack Protection
            update:attack_protection: Update Attack Protection
            create:authentication_methods: Create Authentication Methods
            read:authentication_methods: Read Authentication Methods
            update:authentication_methods: Update Authentication Methods
            delete:authentication_methods: Delete Authentication Methods
            read:branding: Read Branding
            update:branding: Update Branding
            delete:branding: Delete Branding
            create:client_credentials: Create Client Credentials
            read:client_credentials: Read Client Credentials
            update:client_credentials: Update Client Credentials
            delete:client_credentials: Delete Client Credentials
            create:client_grants: Create Client Grants
            read:client_grants: Read Client Grants
            update:client_grants: Update Client Grants
            delete:client_grants: Delete Client Grants
            read:client_keys: Read Client Keys
            update:client_keys: Update Client Keys
            read:client_summary: Read Client Summary
            update:client_token_vault_privileged_access: Update Client Token Vault Privileged Access
            create:clients: Create Clients
            read:clients: Read Clients
            update:clients: Update Clients
            delete:clients: Delete Clients
            create:connection_profiles: Create Connection Profiles
            read:connection_profiles: Read Connection Profiles
            update:connection_profiles: Update Connection Profiles
            delete:connection_profiles: Delete Connection Profiles
            create:connections: Create Connections
            read:connections: Read Connections
            update:connections: Update Connections
            delete:connections: Delete Connections
            create:connections_keys: Create Connections Keys
            read:connections_keys: Read Connections Keys
            update:connections_keys: Update Connections Keys
            read:current_user: Read Current User
            delete:current_user: Delete Current User
            create:current_user_device_credentials: Create Current User Device Credentials
            delete:current_user_device_credentials: Delete Current User Device Credentials
            update:current_user_identities: Update Current User Identities
            update:current_user_metadata: Update Current User Metadata
            create:custom_domains: Create Custom Domains
            read:custom_domains: Read Custom Domains
            update:custom_domains: Update Custom Domains
            delete:custom_domains: Delete Custom Domains
            create:custom_signing_keys: Create Custom Signing Keys
            read:custom_signing_keys: Read Custom Signing Keys
            update:custom_signing_keys: Update Custom Signing Keys
            delete:custom_signing_keys: Delete Custom Signing Keys
            read:device_credentials: Read Device Credentials
            delete:device_credentials: Delete Device Credentials
            create:directory_provisionings: Create Directory Provisionings
            read:directory_provisionings: Read Directory Provisionings
            update:directory_provisionings: Update Directory Provisionings
            delete:directory_provisionings: Delete Directory Provisionings
            create:email_provider: Create Email Provider
            read:email_provider: Read Email Provider
            update:email_provider: Update Email Provider
            delete:email_provider: Delete Email Provider
            create:email_templates: Create Email Templates
            read:email_templates: Read Email Templates
            update:email_templates: Update Email Templates
            create:encryption_keys: Create Encryption Keys
            read:encryption_keys: Read Encryption Keys
            update:encryption_keys: Update Encryption Keys
            delete:encryption_keys: Delete Encryption Keys
            read:event_deliveries: Read Event Deliveries
            update:event_deliveries: Update Event Deliveries
            create:event_streams: Create Event Streams
            read:event_streams: Read Event Streams
            update:event_streams: Update Event Streams
            delete:event_streams: Delete Event Streams
            read:events: Read Events
            create:experimentation: Create Experimentation
            read:experimentation: Read Experimentation
            update:experimentation: Update Experimentation
            delete:experimentation: Delete Experimentation
            read:federated_connections_tokens: Read Federated Connections Tokens
            delete:federated_connections_tokens: Delete Federated Connections Tokens
            create:flows: Create Flows
            read:flows: Read Flows
            update:flows: Update Flows
            delete:flows: Delete Flows
            read:flows_executions: Read Flows Executions
            delete:flows_executions: Delete Flows Executions
            create:flows_vault_connections: Create Flows Vault Connections
            read:flows_vault_connections: Read Flows Vault Connections
            update:flows_vault_connections: Update Flows Vault Connections
            delete:flows_vault_connections: Delete Flows Vault Connections
            create:forms: Create Forms
            read:forms: Read Forms
            update:forms: Update Forms
            delete:forms: Delete Forms
            read:grants: Read Grants
            delete:grants: Delete Grants
            read:group_members: Read Group Members
            create:group_roles: Create Group Roles
            read:group_roles: Read Group Roles
            delete:group_roles: Delete Group Roles
            read:groups: Read Groups
            delete:groups: Delete Groups
            create:guardian_enrollment_tickets: Create Guardian Enrollment Tickets
            read:guardian_enrollments: Read Guardian Enrollments
            delete:guardian_enrollments: Delete Guardian Enrollments
            read:guardian_factors: Read Guardian Factors
            update:guardian_factors: Update Guardian Factors
            create:hooks: Create Hooks
            read:hooks: Read Hooks
            update:hooks: Update Hooks
            delete:hooks: Delete Hooks
            create:log_streams: Create Log Streams
            read:log_streams: Read Log Streams
            update:log_streams: Update Log Streams
            delete:log_streams: Delete Log Streams
            read:logs: Read Logs
            read:logs_users: Read Logs Users
            read:mfa_policies: Read Mfa Policies
            update:mfa_policies: Update Mfa Policies
            create:network_acls: Create Network Acls
            read:network_acls: Read Network Acls
            update:network_acls: Update Network Acls
            delete:network_acls: Delete Network Acls
            create:organization_client_grants: Create Organization Client Grants
            read:organization_client_grants: Read Organization Client Grants
            delete:organization_client_grants: Delete Organization Client Grants
            create:organization_connections: Create Organization Connections
            read:organization_connections: Read Organization Connections
            update:organization_connections: Update Organization Connections
            delete:organization_connections: Delete Organization Connections
            create:organization_discovery_domains: Create Organization Discovery Domains
            read:organization_discovery_domains: Read Organization Discovery Domains
            update:organization_discovery_domains: Update Organization Discovery Domains
            delete:organization_discovery_domains: Delete Organization Discovery Domains
            create:organization_group_roles: Create Organization Group Roles
            read:organization_group_roles: Read Organization Group Roles
            delete:organization_group_roles: Delete Organization Group Roles
            read:organization_groups: Read Organization Groups
            create:organization_invitations: Create Organization Invitations
            read:organization_invitations: Read Organization Invitations
            delete:organization_invitations: Delete Organization Invitations
            read:organization_member_effective_roles: Read Organization Member Effective Roles
            read:organization_member_role_source_groups: Read Organization Member Role Source Groups
            create:organization_member_roles: Create Organization Member Roles
            read:organization_member_roles: Read Organization Member Roles
            delete:organization_member_roles: Delete Organization Member Roles
            create:organization_members: Create Organization Members
            read:organization_members: Read Organization Members
            delete:organization_members: Delete Organization Members
            create:organizations: Create Organizations
            read:organizations: Read Organizations
            update:organizations: Update Organizations
            delete:organizations: Delete Organizations
            read:organizations_summary: Read Organizations Summary
            create:phone_providers: Create Phone Providers
            read:phone_providers: Read Phone Providers
            update:phone_providers: Update Phone Providers
            delete:phone_providers: Delete Phone Providers
            create:phone_templates: Create Phone Templates
            read:phone_templates: Read Phone Templates
            update:phone_templates: Update Phone Templates
            delete:phone_templates: Delete Phone Templates
            read:prompts: Read Prompts
            update:prompts: Update Prompts
            create:rate_limit_policies: Create Rate Limit Policies
            read:rate_limit_policies: Read Rate Limit Policies
            update:rate_limit_policies: Update Rate Limit Policies
            delete:rate_limit_policies: Delete Rate Limit Policies
            read:refresh_tokens: Read Refresh Tokens
            update:refresh_tokens: Update Refresh Tokens
            delete:refresh_tokens: Delete Refresh Tokens
            create:resource_servers: Create Resource Servers
            read:resource_servers: Read Resource Servers
            update:resource_servers: Update Resource Servers
            delete:resource_servers: Delete Resource Servers
            create:role_members: Create Role Members
            read:role_members: Read Role Members
            delete:role_members: Delete Role Members
            create:roles: Create Roles
            read:roles: Read Roles
            update:roles: Update Roles
            delete:roles: Delete Roles
            create:rules: Create Rules
            read:rules: Read Rules
            update:rules: Update Rules
            delete:rules: Delete Rules
            read:rules_configs: Read Rules Configs
            update:rules_configs: Update Rules Configs
            delete:rules_configs: Delete Rules Configs
            create:scim_config: Create Scim Config
            read:scim_config: Read Scim Config
            update:scim_config: Update Scim Config
            delete:scim_config: Delete Scim Config
            create:scim_token: Create Scim Token
            read:scim_token: Read Scim Token
            delete:scim_token: Delete Scim Token
            read:self_service_profile_custom_texts: Read Self Service Profile Custom Texts
            update:self_service_profile_custom_texts: Update Self Service Profile Custom Texts
            create:self_service_profiles: Create Self Service Profiles
            read:self_service_profiles: Read Self Service Profiles
            update:self_service_profiles: Update Self Service Profiles
            delete:self_service_profiles: Delete Self Service Profiles
            read:sessions: Read Sessions
            update:sessions: Update Sessions
            delete:sessions: Delete Sessions
            create:signing_keys: Create Signing Keys
            read:signing_keys: Read Signing Keys
            update:signing_keys: Update Signing Keys
            create:sso_access_tickets: Create Sso Access Tickets
            delete:sso_access_tickets: Delete Sso Access Tickets
            read:stats: Read Stats
            read:tenant_settings: Read Tenant Settings
            update:tenant_settings: Update Tenant Settings
            create:token_exchange_profiles: Create Token Exchange Profiles
            read:token_exchange_profiles: Read Token Exchange Profiles
            update:token_exchange_profiles: Update Token Exchange Profiles
            delete:token_exchange_profiles: Delete Token Exchange Profiles
            create:user_attribute_profiles: Create User Attribute Profiles
            read:user_attribute_profiles: Read User Attribute Profiles
            update:user_attribute_profiles: Update User Attribute Profiles
            delete:user_attribute_profiles: Delete User Attribute Profiles
            read:user_effective_permissions: Read User Effective Permissions
            read:user_effective_roles: Read User Effective Roles
            read:user_idp_tokens: Read User Idp Tokens
            read:user_permission_source_roles: Read User Permission Source Roles
            read:user_role_source_groups: Read User Role Source Groups
            create:user_tickets: Create User Tickets
            create:users: Create Users
            read:users: Read Users
            update:users: Update Users
            delete:users: Delete Users
            update:users_app_metadata: Update Users App Metadata
            create:vdcs_templates: Create Vdcs Templates
            read:vdcs_templates: Read Vdcs Templates
            update:vdcs_templates: Update Vdcs Templates
            delete:vdcs_templates: Delete Vdcs Templates

````