1) create entity and tag,
2) associate that entity to tag.
3) user1 does not have read classification but read entity.
Make a rest call to read classification details in the entity it fails as expected:
but when we login to UI and open the entity we are able to see classification details despite of having no read classification permission which is same information as what was denied in rest call.