Scope rules don't work when SCIM is used in Identity Manager


Article ID: 408620


Updated On:

Products

CA Identity Suite, CA Identity Manager

Issue/Introduction

If you set scope rules in the Admin Role used by SCIM, the designated user can still manage all users in the system when working through SCIM. This is true regardless of the scope rules set.

Environment

Identity Manager 14.x and 15.x

Cause

This happens because of how SCIM is currently designed in Identity Manager (IM).

Resolution

If scope is vital to your operation, consider working with TEWS calls.

TEWS works at the task level: each TEWS request carries task and task handler information, whereas SCIM requests do not.

There is currently an enhancement request open for SCIM to obey scope rules. Please consider leaving your vote and comment.