Update guidance based on group feedback

cristian-recoseanu · cristian-recoseanu · commit ade02a74e704 · 2025-07-01T13:59:39.000+01:00
diff --git a/docs/Authorization Practice.md b/docs/Authorization Practice.md
@@ -254,7 +254,7 @@ A token claim could also offer asymmetrical access like in the following example
 }
 ```
 
-Note that PATCH requests against URLs ending in `/bulkProperties` do not require write access as they do not make modifications to the device model and are only used for validation purposes.
+Devices MUST check that PATCH requests against URLs ending in `/bulkProperties` have the necessary write access. This allows for permission errors to be identified at the validation stage before a client attempts to perform a restore by using the PUT verb.
 
 [IS-10]: https://specs.amwa.tv/is-10 "AMWA IS-10 NMOS Authorization Specification"
 [RFC-2119]: https://tools.ietf.org/html/rfc2119 "Key words for use in RFCs to Indicate Requirement Levels"

Original file line number	Diff line number	Diff line change
`@@ -254,7 +254,7 @@ A token claim could also offer asymmetrical access like in the following example`
`254`	`254`	`}`
`255`	`255`	```
`256`	`256`
`257`		-Note that PATCH requests against URLs ending in `/bulkProperties` do not require write access as they do not make modifications to the device model and are only used for validation purposes.
	`257`	+Devices MUST check that PATCH requests against URLs ending in `/bulkProperties` have the necessary write access. This allows for permission errors to be identified at the validation stage before a client attempts to perform a restore by using the PUT verb.
`258`	`258`
`259`	`259`	`[IS-10]: https://specs.amwa.tv/is-10 "AMWA IS-10 NMOS Authorization Specification"`
`260`	`260`	`[RFC-2119]: https://tools.ietf.org/html/rfc2119 "Key words for use in RFCs to Indicate Requirement Levels"`