Filing API scope

I am working on a software handling many companies and accessing hundreds of users.
If I understood correctly I have to give the scope during authorization (when I request the auth code).
So when I start the authorization I must now which companies will be modified?
And if there is 10 or 100 companies will be modified, I have to put there companies in the scope, and the user must give company authorization code for every company, do I understand correctly?