[keycloak-user] Permission with multiple scopes - what does it mean exactly?

Hi. in UMA authorization, when adding a scope Permission you can specify a set of scopes. What a "set" means exactly is not very well documented. By trial and error I figured out that: 1. Resource with single scope and corresponding permission with same (single) scope works as expected. 2. Resource with single scope and permission with multiple scopes, of which one of them is the resource scope does not work (auth not granted). Scope set on resource to me means: this is all the things the resource owner is allowed to do with it. Scope set on permission to me means: apply this policies if either of these scopes is needed. That does not seem to be the case tho, according to point #2. Can someone shed some light how scope set on resource resolves against permission scope set? Best regards, cen