EntityAuthorizeScope: Read for all, Write only for Admin

Weetch_Russell · January 13, 2026, 3:27pm

I am trying to set the authorisation on an entity and want to limit Write/Delete permissions to users with the scope of Admin, but want anyone to have read access, even if not logged in.

How would I set this up in attributes? Or is that not possible?

For the Admin I can set

[EntityAuthorizeScopes(Admin_Scope, EntitySetPermissionsAll)]

But what about keeping it open for read for everyone else?

wlandgraf · January 13, 2026, 5:37pm

There is no way to set this with attributes, as you are mixing public/non-public permissions. You will have to implement that using server-side events.

system · January 14, 2026, 5:37pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Topic		Replies	Views
EntityAuthorizeScopes problem TMS XData	2	324	November 14, 2021
EntityAuthorize Attributes possibility? TMS XData	4	275	September 13, 2021
Problem with EnityAutotize attributes TMS XData	15	401	September 16, 2021
For an entity, I need to disable permissions on post, put, delete, patch. I have a login via JWT. TMS XData	4	277	September 27, 2021
Multiple service operations and CRUD on server TMS XData	5	345	April 26, 2022

EntityAuthorizeScope: Read for all, Write only for Admin

Related topics