- `user`
  - `user.read_hidden`: read current user's hidden data.
    This includes data such as timezone and whether the user's member list is hidden.
  - `user.read_privileged`: read privileged user data such as authentication methods
  - `user.update`: update current user. This scope cannot update privileged data. This scope implies `user.read_hidden`.
- `member`
  - `member.read`: read member list, even if it's hidden, including hidden members.
  - `member.update`: update and delete existing members.
    While `update` and `delete` could be separate, that might lull users into a false sense of security,
    as it would still be possible to clear members and scramble their names,
    which would be equivalent to `delete` anyway.
  - `member.create`: create new members