The expandable fields use the read_many service method to retrieve results and resolve related entities.
The read_many method uses the search permission, whereas it would be more correct to use the read permission instead.
Moreover, the implementation of EntityResolverExpandableField in requests does not use the service and should be corrected.