Custom security based on roles


How can I describe access to resourse based on roles?

RAML Spec shows example with Dropbox auth and there is rows:

    - oauth_2_0: !include oauth_2_0.yml
        securedBy: [null, oauth_2_0: { scopes: [ ADMINISTRATOR ] } ]

Where and how can I define scopes?

And how securedBy can be used to say something like: allow for SuperUser, deny for Visitor.
Is it possible?