You can assign the basic CRUD (create, read, update, delete) operations as well as full control of the entity service to specified principals.
The following predefined permissions can be assigned:
· fullcontrol - full access rights (create, read, update, delete)
· owner - access rights for changing other permissions
· read - access rights only for reading
· update - access rights for reading and writing
· create - access rights for creating a new instance
· delete - access rights for reading and removing an existing instance
There are two hidden additional predefined permissions that cannot be assigned to principals independently:
· write - access rights for writing, part of the update operation.
· remove - access rights for removing, part of the delete operation.
The operations are hidden, since you cannot write or remove if you do not have information about the object. This also can be seen in the figure below: