you can specify it in the resolversConfig:
resolversConfig: {
"Query.menuById": {
auth: {
scope: ["api::menu-item.menu-item.find"]
},
policies: ["global::is-organisation-owner"],
},
Above you can see that I use a policy and also ensure that the user has been granted the find permission for the specific entity
You can use auth: true, if you need to ensure the user is authenticated.