And another question (I’m opening a new thread because it’s really a different question from the one above, hope you don’t feel this is spammy):
I observed that all “Edit” buttons (Add Tags, Owners, etc.) are still shown on an entity even if a user doesn’t have edit permissions on it. I see there is a call to getGrantedPrivileges when accessing the entity, but this only seems to return the VIEW_ related permissions. I wonder if this should include the EDIT_ type permissions, and then the UI could react accordingly? It feels counter-intuitive to show all these buttons only to fail validation on API side if someone tries to use them.