diff --git a/guides/security/authorization.md b/guides/security/authorization.md index 1a53ce52c8..776282cbfd 100644 --- a/guides/security/authorization.md +++ b/guides/security/authorization.md @@ -517,7 +517,9 @@ Supported features are: * [Exists predicate](#exists-predicate) based on subselects. ::: info Avoid enumerable keys -In case the filter condition is not met in an `UPDATE` or `DELETE` request, the runtime rejects the request (response code 403) even if the user is not even allowed to read the entity. To avoid to disclosure the existence of such entities to unauthorized users, make sure that the key is not efficiently enumerable. +In case the filter condition is not met in an `UPDATE` or `DELETE` request, the runtime rejects the request with a `404` response if the entity doesn't exist but a `READ` request would succeed if it did. +Otherwise, the runtime rejects with `403`, so that the response is consistent whether the entity doesn't exist or the user is not allowed to read it (in both cases a `READ` would result in a `404`). +In general, to avoid disclosing the existence of entities to unauthorized users, make sure that keys are not efficiently enumerable. ::: ### User Attribute Values { #user-attrs}
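Review bot: the decision rule in the first added line is hard to follow because it stacks two counterfactuals ("if the entity doesn't exist but a `READ` request would succeed if it did"), and the reader has to infer from "Otherwise" in the next line that the `403` branch also covers the case where the entity exists but the `UPDATE`/`DELETE` filter is not met. Suggest spelling out the three outcomes explicitly in the info box, for example: "If the user would be permitted to read the entity and it does not exist, the runtime responds with `404`. If the entity exists but the `UPDATE`/`DELETE` filter condition is not met, or if the user would not be permitted to read it at all, the runtime responds with `403`." That keeps the stated rationale (an unauthorized reader cannot distinguish "does not exist" from "hidden", since a `READ` yields `404` in both cases) while making the consistency argument easier to check against the runtime behaviour. The closing sentence about non-enumerable keys reads well as written.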