As of the 2023-01 Admin API release, you can optionally specify an
access setting when you create or update metafield definitions via the API. This new setting will allow you to control who else can access the metafields under your definition via the Admin API.
Note that this setting can only be set when the definition is in your own reserved namespace.
Possible settings you can use are
PRIVATE (no one else can access the metafields),
MERCHANT_READ (the merchant has read-only access to the metafields via the admin UI), and
MERCHANT_READ_WRITE (the merchant can view and edit the metafields via the admin UI).
Learn more about reserved namespaces.
Learn more about access controls.