Hi @gaurav,
Thanks for reaching out.
The scopes granted to a SPA for the management API are limited. This is because a token can be inspected from your SPA by a malicious party, and used to make any call within the scope to the management API. For example, a user could get a read:users scoped token and read your whole user DB. Please see the following FAQ to understand more.
http://community.auth0.com/t/how-do-i-use-the-management-api-in-my-single-page-application/24448/2
Let me know if you have any more questions about how to get around this.
Thanks,
Dan