When setting an entity to public you can only set "expose as readonly" to yes or no.
What I like to see is to be able to grant specifically to espaces wether they can access them as readonly or write also.
for example, you have your datamodel in 1 espace.
the BO-espace is allowed to crud the entity
the FO-moduleX is only allowed to read them
the FO-moduleY is also allowed to crud them