diff --git a/manifest_template.yml b/manifest_template.yml
index 6d154ad56..1dcb93261 100644
--- a/manifest_template.yml
+++ b/manifest_template.yml
@@ -71,7 +71,7 @@ apigee:
{% endif %}
scopes:
- 'urn:nhsd:apim:app:level3:summary-care-record'
- - 'urn:nhsd:apim:user-nhs-id:aal3:summary-care-record'
+ - 'urn:nhsd:apim:user-nhs-id:aal2:summary-care-record'
quota: {{ ENV.quota | default('300') }}
quotaInterval: '1'
quotaTimeUnit: minute
@@ -92,7 +92,7 @@ ACCESS_MODES:
- name: user-restricted
nameSuffix: ''
displayName: Healthcare Worker
- scopes: ['urn:nhsd:apim:user-nhs-id:aal3:summary-care-record']
+ scopes: ['urn:nhsd:apim:user-nhs-id:aal2:summary-care-record']
requireCallbackUrl: true
description: User restricted
- name: application-restricted
diff --git a/proxies/live/apiproxy/policies/OAuthV2.VerifyAccessToken.xml b/proxies/live/apiproxy/policies/OAuthV2.VerifyAccessToken.xml
index 04ede1d35..515c24e3d 100644
--- a/proxies/live/apiproxy/policies/OAuthV2.VerifyAccessToken.xml
+++ b/proxies/live/apiproxy/policies/OAuthV2.VerifyAccessToken.xml
@@ -1,3 +1,4 @@
VerifyAccessToken
+ urn:nhsd:apim:app:level3:summary-care-record urn:nhsd:apim:user-nhs-id:aal2:summary-care-record
diff --git a/proxies/live/apiproxy/targets/scr-target.xml b/proxies/live/apiproxy/targets/scr-target.xml
index e4738eb2b..4cd4e1a11 100644
--- a/proxies/live/apiproxy/targets/scr-target.xml
+++ b/proxies/live/apiproxy/targets/scr-target.xml
@@ -29,7 +29,7 @@
AssignMessage.SetAccessModeUserRestricted
- (scope JavaRegex "(.+\ urn:nhsd:apim:user-nhs-id:aal3:summary-care-record\ .+|^urn:nhsd:apim:user-nhs-id:aal3:summary-care-record\ .+|.+\ urn:nhsd:apim:user-nhs-id:aal3:summary-care-record$|^urn:nhsd:apim:user-nhs-id:aal3:summary-care-record$)")
+ (scope JavaRegex "(.+\ urn:nhsd:apim:user-nhs-id:aal2:summary-care-record\ .+|^urn:nhsd:apim:user-nhs-id:aal2:summary-care-record\ .+|.+\ urn:nhsd:apim:user-nhs-id:aal2:summary-care-record$|^urn:nhsd:apim:user-nhs-id:aal2:summary-care-record$)")
FlowCallout.UserRoleService