Without Entity Access set, it should be possible to complete the app security

Use case: when an entity is never exposed you don't want to grant any entity access (following the Zero Trust security policy).

However, the the app security overview shows an “Incomplete” warning when you don't grant every entity at least 1 role 1 access rights. So in order to have a “Complete” security and a green mark, I do see unnecessary entity access granted a lot.

So, rephrasing this using 3 negations: No Entity Access set should not lead to Incomplete Security 😉