Expose only specific jmixentities wit Jmix Rest

in our project we use the Jmix-Rest API and expose the Entities annotated with JMixEntity for Rest calls. This however exposes all JmixEntities per default. The JmixEntity-Annotation is used for both, the CRUD rest api and for templating etc. While the later is ok for the templating etc the former is not supposed to expose all entities per CRUD per default.
However we are looking for a way to expose only a few select entities like that and not make them accessible via Rest per default.

Is there a property, setting or annotation that lets you do that in JMix?
I know that Jmix is built ontop of Spring. Is there maybe a way with Spring config or anntotations?

Thank you in advance!

You can limit the number of entities available with REST API with resource role.

The role must have the "API" scope:

@ResourceRole(name = "New role", code = "new-role", scope = "API")

For this role you can limit the number of entities the user can access, e.g. like this:

    @EntityAttributePolicy(entityClass = MyEntity.class,
        attributes = "*",
        action = EntityAttributePolicyAction.MODIFY)
    @EntityPolicy(entityClass = MyEntity.class,
        actions = EntityPolicyAction.ALL)
    void myEntity();

If you assign this role to a user, the user won't be able to read only specified entities with the REST API.