Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported, see End-of-life policy.
...
JCR access security is checked on every endpoint which that reads or writes JCR data.
...
Magnolia recommends you create custom REST roles granting specific access for specific use cases.
There is no "one size fits all" recipe. Create the custom roles according to your needs. However here are a few recommendations.
The custom roles you create depend on your specific project requirements. In general, we recommend you: