Hi Michael,
Yes I have seen the UMA scope 'SCIM Access' with id scim_access and Authorization Policy
uma_authorization_policy
I am a bit confused which scopes need to go where so I have now put all of "profile openid uma_authorization scim_access user_name phone mobile_phone address clientinfo uma_protection email" in the AAT request, the RPT request and the user query request.
My client is written in Ruby and I use the same id as the one that was registeered during gluu setup presumably intended for the Java SCIM client. So uma_authorization_policy already allows my client inum.
I still get the same result: 403 - insufficient_scope
thanks
Ernst