Troubleshoot Role-Based Access Control and Authorization
Here are some solutions to common issues experienced when implementing role-based access control (RBAC) using the Authorization Core feature set.
Role-based access control is enabled for my API, but the scopes claim is not showing what you say it should
Make sure that you aren't setting
accessToken.scopein a rule.
Remember that any configured authorization rules run after the RBAC-based authorization decisions are made, so they may override the default behavior.