core/modules/rest/src/Plugin/rest/resource/EntityResource.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
index 58e359e..6c2b5f3 100644
--- a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
+++ b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
@@ -144,7 +144,7 @@ public function post(EntityInterface $entity = NULL) {
       throw new BadRequestHttpException('No entity content received.');
     }
 
-    $entity_access = $entity->access('create');
+    $entity_access = $entity->access('create', NULL, TRUE);
     if (!$entity_access->isAllowed()) {
       throw new AccessDeniedHttpException($entity_access->getReason() ?: $this->accessDeniedExceptionMessage($entity, 'create'));
     }
@@ -202,7 +202,7 @@ public function patch(EntityInterface $original_entity, EntityInterface $entity
       throw new BadRequestHttpException('Invalid entity type');
     }
 
-    $entity_access = $original_entity->access('update');
+    $entity_access = $original_entity->access('update', NULL, TRUE);
     if (!$entity_access->isAllowed()) {
       throw new AccessDeniedHttpException($entity_access->getReason() ?: $this->accessDeniedExceptionMessage($entity, 'update'));
     }
@@ -268,7 +268,7 @@ public function patch(EntityInterface $original_entity, EntityInterface $entity
    */
   public function delete(EntityInterface $entity) {
 
-    $entity_access = $entity->access('delete');
+    $entity_access = $entity->access('delete', NULL, TRUE);
     if (!$entity_access->isAllowed()) {
       throw new AccessDeniedHttpException($entity_access->getReason() ?: $this->accessDeniedExceptionMessage($entity, 'delete'));
     }