Currently, as users can switch to an SSA's JSON mode, they can update the SSA JSON with an entity identifier they don't have access to and run the SSA on that entity. This violates ownership, which is defined in various ways on Port for entities.

This permission violation can be done with the Port API as well.

So, Port should not allow users to use JSON mode/API to run SSA on entities that they do not have access to.