What is the best practice to implement security for o-data services ? I want some users to have access to GET Entity / Entity Set but no access to CREATE / DELETE /UPDATE. For other set of users, I want them access to CREATE & UPDATE but no DELETE for the same entity.
What is the best practice to implement security at service level ?