I am about to set up a REST interface into a database for the first time. I only want to allow certain entities to be queried and only certain fields to be returned from those entities.
I don’t want anybody to be able to query metadata for anything but the entities/fields I allow.
How is this done? How do I disable the default CRUD capabilities?
if you are talking about the generic rest API: what a user can or cannot do depends on the roles that are associated with this user. So you can create a role that only allows access to the entities and the operations that the user should.