This can be done with a ChangeInterceptor. If you want to allow clients to modify customers for instance but do not enable them to change the md5 password then do:
[ChangeInterceptor("Customers")] // table to query intercept
public void WindowsServiceChange(Customer customerEntity, UpdateOperations operations)
{
// make sure following colums are not changed
if (this.CurrentDataSource.Entry(customerEntity).Property("Password").IsModified)
{
// client attempted to update a column he was not supposed to update
throw new DataServiceException(400, "Access to update column denied");
}
// else do nothing
}
Place this method inside the data service and every time a client tries to modify or update a customer it will go through that method. That method could also help you validate the customer's properties. and even update its properties prior to insert it to the database.