The preventMetadataSecurity projection is a special “placeholder” projection: including it in a request does not add any data to the REST response.
When this projection is included in the request, the REST backend logic is instructed to skip the security evaluation, driven by the layout configuration, that is normally applied to each metadata field of the DSpaceObject to be returned.
In addition, no queries are performed to discover which metadata fields are considered “public” while the REST response is being built. The list of public fields is hard-coded in the public-metadata.cfg configuration file.