I suggest you activate trace for this service and see what is being logged. It will show you the user running the request and generated SQL. Perhaps you have a technical user running this service. You also haven't posted your XSODATA definition. Are the entities directly against tables or views? Create/Update/Delete against views only work with implemented exits otherwise they return forbidden.
↧