Scope is a list of permissions.
There are several different grant types in OAuth. In the most widely known one - authorization code grant - the end user typically does get to review and approve the list of scopes.
Authorization code grant is really intended for cases where the end user is also the resource owner (e.g. you more or less own your email address).
This is typically not the case for enterprise/business resources, where the corporation is the owner of the resources (e.g. the corporation owns the HR records that you wish to access). Hence when you use enterprise systems you do not commonly see dialogues popping up asking if you wish to "allow blah to access HR records" - they don't belong to you in the first place.