diff --git a/packages/authorization/src/authorize-interceptor.ts b/packages/authorization/src/authorize-interceptor.ts
index 54b05d6e96ac..6fac61a07170 100644
--- a/packages/authorization/src/authorize-interceptor.ts
+++ b/packages/authorization/src/authorize-interceptor.ts
@@ -125,7 +125,18 @@ export class AuthorizationInterceptor implements Provider {
 error.statusCode = this.options.defaultStatusCodeForDeny;
 throw error;
 }
- return next();
+ const restrictedProperties: string[] = await invocationCtx.get(
+ AuthorizationTags.RESTRICTED_FIELDS,
+ );
+ const result = await next();
+ if (result && restrictedProperties) {
+ restrictedProperties.forEach(property => {
+ if (typeof result === 'object') {
+ delete (result as Record)[property];
+ }
+ });
+ }
+ return result;
 }
 }
diff --git a/packages/authorization/src/keys.ts b/packages/authorization/src/keys.ts
index 1c3d29c8767d..e779b447b8f9 100644
--- a/packages/authorization/src/keys.ts
+++ b/packages/authorization/src/keys.ts
@@ -28,4 +28,8 @@ export namespace AuthorizationTags {
 * A tag for authorizers
 */
 export const AUTHORIZER = 'authorizer';
+ /**
+ * A tag for restricted fields
+ */
+ export const RESTRICTED_FIELDS = 'restricted.fields';
 }
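Review bot: In the authorize-interceptor.ts hunk, the new filtering deletes only top-level keys of `result`, so when the intercepted method returns an array, or nests the model inside another object, the restricted fields are still sent to the caller; `delete` on the array itself removes nothing from its elements. Separately, `invocationCtx.get(AuthorizationTags.RESTRICTED_FIELDS)` is called without `{optional: true}`, and in LoopBack that lookup rejects when the key is unbound, so the later `restrictedProperties` truthiness check would never see the unbound case and a request with no restricted-field binding would presumably fail after it has already passed authorization. I would make the lookup optional and apply the deletion per element, as sketched below. The enclosing method begins outside the hunk, so how the binding is populated is not visible here.

```typescript
const restrictedProperties = await invocationCtx.get<string[]>(
  AuthorizationTags.RESTRICTED_FIELDS,
  {optional: true},
);
const result = await next();
if (restrictedProperties?.length && result && typeof result === 'object') {
  // A collection result must be filtered element by element
  const targets: unknown[] = Array.isArray(result) ? result : [result];
  for (const target of targets) {
    if (target && typeof target === 'object') {
      for (const property of restrictedProperties) {
        delete (target as Record<string, unknown>)[property];
      }
    }
  }
}
return result;
```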
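Review bot: In the keys.ts hunk, `RESTRICTED_FIELDS` is documented as a tag and placed in `AuthorizationTags`, but the interceptor hunk passes it to `invocationCtx.get(...)`, which uses it as a binding key rather than a tag. The comment should state what is expected to be bound there, for example `/** Binding key for the list of property names removed from a method's result after authorization */`, and the constant may belong with the package's binding keys if such a namespace exists. The namespace starts outside the hunk.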