- GET /profiles, limit it to admin roles only, in case you don’t want simple users to access it.
- If you want the users to be able to access it but to get only the records that are assigned to the user, then use policies and create a custom controller that will return the records only for the user who requested it.
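
The two options above as an added example (not code from the original post or from any framework's API): a policy that gates the route and a controller that scopes results to the requesting user. The `ctx` shape, the `owner` field, the `admin` role name and the sample records are assumptions; the single-record handler goes one step beyond the text to show the same ownership check on a lookup by id.

```javascript
// Constructed sample data: each profile is assigned to one user via `owner`.
const PROFILES = [
  { id: 1, owner: 10, bio: "alice" },
  { id: 2, owner: 11, bio: "bob" },
  { id: 3, owner: 10, bio: "alice (work)" },
];

// Policy: runs before the controller and decides whether the request proceeds.
// Assumption: the authentication layer has populated `ctx.state.user`.
function isAuthenticated(ctx) {
  return Boolean(ctx.state && ctx.state.user);
}

// Controller for GET /profiles. The owner filter comes from the authenticated
// session, never from the query string, so ?owner=11 cannot widen the result.
function findProfiles(ctx) {
  if (!isAuthenticated(ctx)) return { status: 401, body: [] };
  const user = ctx.state.user;
  if (user.role === "admin") return { status: 200, body: PROFILES };
  const { owner, ...filters } = ctx.query || {}; // drop client-supplied owner
  const body = PROFILES.filter(
    (p) =>
      p.owner === user.id &&
      Object.entries(filters).every(([k, v]) => String(p[k]) === String(v))
  );
  return { status: 200, body };
}

// Controller for a single record (hypothetical GET /profiles/:id). A record
// owned by someone else is reported as 404, so the response does not confirm
// that the id exists.
function findOneProfile(ctx) {
  if (!isAuthenticated(ctx)) return { status: 401, body: null };
  const user = ctx.state.user;
  const p = PROFILES.find((x) => x.id === Number(ctx.params.id));
  if (!p || (user.role !== "admin" && p.owner !== user.id)) {
    return { status: 404, body: null };
  }
  return { status: 200, body: p };
}
```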