These are a great addition and make the entity definitions self contained - great for documentation and making sure you don't forget to validate enforcement.
One additional one that would be useful is something like
It's already possible to configure admins to do everything, and users to only modify data. But I believe what you are asking is to specific which properties each user can modify?
The idea being that the admin can get any record whereas a normal user can only retrieve their own data. So a normal user can only get and modify a record where the value of the JWT Claim "UserId" is the same as the requested Id, represented by FId in the entity.