I want to restrict the listing of scopes for unauthenticated users. This seems to work for authenticated users only. I am not sure if this is a lack of my understanding of how the grants work or a bug.
If I create a scope in which I create a role for u_anon which has the grants type=scope;actions=list and ids=p_x;type=scope;actions=no-op then anonymous users will get a listing of all scopes in that scope. Authenticated users, on the other hand, will only see scope p_x in the listing. It seems odd to me that they are handled differently.
Is there any way I can get u_anon only to see p_x but not others?