diff --git a/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php b/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php
index 2b246b7..facbdd1 100644
--- a/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php
+++ b/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php
@@ -111,4 +111,18 @@ public function delete($id) {
     }
     throw new NotFoundHttpException(t('Entity with ID @id not found', array('@id' => $id)));
   }
+
+  /**
+   * Overrides ResourceBase::permissions().
+   */
+  public function permissions() {
+    $permissions = parent::permissions();
+    // Mark all items as administrative permissions for now.
+    // @todo Remove this restriction once proper entity access control is
+    // implemented. See http://drupal.org/node/1866908
+    foreach ($permissions as $name => $permission) {
+      $permissions[$name]['restrict access'] = TRUE;
+    }
+    return $permissions;
+  }
 }