Thanks for pointing this out. This again proves “you never know what you have not read yet in the fabric documentation”.
The idea of this article came after a discussion on security about private data, and access control with client ID (CID) is what I tried before and therefore tested as a way to get rid of this situation. Good that all are written explicitly.
Regarding private data, I personally think the term “private data” has an implication that the data is not disclosed to anyone outside a group. Giving many granular control provides design flexibility, but always becomes potential loopholes when security is of concern. For example, isn’t it good if implicit data collection just accessible by the organization but not others by default, rather than I need explicit access control on it? It’s worthy to think about.
Nevertheless, one objective of my write-up is to do illustration on some concepts or topics, explore how things work behind, and make it understandable to a wider public. This is how I have learnt a lot from great contributors like you, and am trying to share back what I have learnt to those who are interested.
Once again, thanks and I will incorporate a note in the article later highlighting this.