In awork, we have two permissions: read and manage. With the read permissions of a feature, you have access to all GET endpoints which are related to this feature.
To get access to the POST,PUT, DELETE, and Business Operation endpoints, manage permissions for this feature is required.