This policy will DENY access to ALL API-A methods to users who are NOT the owner of the object being accessed (except for the administrator). urn:fedora:names:fedora:2.1:action:api-a administrator fedoraInternalCall-1