Upcoming in API version 2024-01, access controls (access.storefront) are modified to be more explicit for custom data. These changes affect how reserved prefixes can be modified in the admin as well as how access controls are set by apps.
As a reminder, by default metafields and metaobjects are owned by Shopify and provide no restrictions to reading, writing, or modifying.
For app reserved prefixes, access is configurable. For example, if you set access for
admin to be
storefront to be
PUBLIC_READ then the merchant will have read-only access in the Shopify admin, and the metafields will be publicly readable in the storefront surface area (Liquid templates and Storefront API).
Learn more about access controls for metafields and metaobjects respectively on Shopify.dev.