Reconsider administer permission for canonical route

Created on 13 September 2023, over 1 year ago

I understand the custom route provider uses the administer permission for controlling access to the canonical route because it's an admin path, but I'm not sure that's necessary. Simply being in an admin path does not imply full administration rights to an entity. In this case, it means that the only users who have the ability to view licenses must have full rights to edit and delete them as well.

I'd advocate for maintaining a view-only permission. Bear in mind that "view any" style permissions are themselves often reserved only for administrators or trusted roles. We also have a permission for "Access the licenses overview page." I can't imagine why a user with that permission and "View any licenses" shouldn't be able to access a canonical license route.

(If the issue is that elements on the view page may also result in edits, we'd just need to make sure those components are themselves properly access controlled.)

📌 Task
Status: Active
Version: 3.0
Component: Code
Created by: 🇺🇸 United States rszrama
