Scopes
Application scopes enable you to see what type of access an application needs to your Blackbaud data. Each publisher declares what access they need to your Blackbaud data for their application on a per product . Also, each time they want to change the data access, such as when they add new functionality, they have to obtain your consent again.

For example, if the app publisher requests limited data access to Raiser's Edge NXT, they can only perform the specified actions in Raiser's Edge NXT. They would not be able to access data in your other Blackbaud solutions until they update their app scopes and request you to review and re-approve the new access needed.
When you connect, the application can only access data based on:
-
scopes (types of access) that an environment admin has approved in the Marketplace, and
-
the user permissions of the person who authorizes the app by entering their Blackbaud credentials (also known as the consenting user).

For each product in your Blackbaud environment, the application can request to:
Full data access
When this option is set for the application, the application can operate in the context of the consenting user's permissions across all solutions, including future solutions, in your Blackbaud environment. If the application publisher adds additional functionality, it does not require additional admin approval. The application's access is only constrained by what the consenting user can do.
Limited data access
-
Read – enables the application to see data the consenting user can see, but not make any changes.
-
Write – enables the application to see and change data that the consenting user can change, but not delete.
-
Delete – enables the application to see, change, and delete data that the consent user can change.
-
Subscribe to events – enables the application to receive event notifications via webhooks when data changes in the application, but not change or delete anything. A webhook is a way for an application to listen for changes that happen in the solution.
No data access
If the application doesn't require any access to your Blackbaud data, they can set the access to none.
Tip: Just because an app requests a certain level of access, if the consenting user doesn't have that permission, the app won't be able to perform that action. For example, a volunteer at your organization has rights to enter gifts, but not delete. If the app requests access to read, write, and delete data but the volunteer logs into the app, the app will not be able to perform any delete actions because the volunteer cannot.
When you provide approval for an application's access, they cannot change their scope of access without getting re-approval. This gives you more control and review over how applications can view and change your data. Scopes are also per product, so you can decide level of access for each one your organization uses.

If you have questions about why an application requires certain access to your data, that's great! It's important for you to feel comfortable with how an application is using your Blackbaud data. On the application details page, we encourage you to use the Contact us feature to ask the application publisher questions.