Commit

Update authorization.md
Hi colleagues,

This is for the 8.3 feature of supporting instance-based restrictions on bound actions and functions.
schiwekM authored Sep 18, 2024
1 parent eeeab98 commit ecffe94
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions guides/security/authorization.md
Expand Up @@ -342,9 +342,9 @@ Restrictions can be defined on different types of CDS resources, but there are s
|-----------------|:-------:|:----:|:-----------------:|---------------|
| service | <Na/> | <Y/> | <Na/> | = `@requires` |
| entity | <Y/> | <Y/> | <Y/> | |
| action/function | <Na/> | <Y/> | <Na/><sup>1</sup> | = `@requires` |
| action/function | <Na/> | <Y/> | <Y/><sup>1</sup> | = `@requires` |

> <sup>1</sup> Node.js supports static expressions *that don't have any reference to the model* such as `where: $user.level = 2`. <br>
> <sup>1</sup> Node.js supports `where` clauses for bound actions and functions, which are not bound against the collection. Actions and functions bound against the collection or unbound ones only support static expressions *that don't have any reference to the model* such as `where: $user.level = 2`. <br>
Unsupported privilege properties are ignored by the runtime. Especially, for bound or unbound actions, the `grant` property is implicitly removed (assuming `grant: '*'` instead). The same also holds for functions:
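
Review bot: In the new footnote, "bound actions and functions, which are not bound against the collection" is ambiguous, because the comma turns it into a non-restrictive clause that reads as if no bound action were ever collection-bound. Suggest "actions and functions bound to a single instance (not to the collection)". The footnote should also say what the runtime does when a model-referencing `where` is placed on a collection-bound or unbound action: the sentence that follows says unsupported privilege properties "are ignored by the runtime", and a reader could take that to mean the restriction is silently dropped and access is granted. The table cell now shows `<Y/>` without qualification while the footnote speaks only about Node.js, so it is worth stating whether the cell holds for other runtimes. Finally, the commit message ties this to 8.3, but the footnote gives no "since" version.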

Expand Down Expand Up @@ -494,7 +494,7 @@ The condition defined in the `where`-clause typically associates domain data wit
- `UPDATE` (as reject condition)
- `DELETE` (as reject condition)

> <sup>1</sup> Node.js supports _static expressions_ *that don't have any reference to the model* such as `where: $user.level = 2` for all events including action and functions.
> <sup>1</sup> Node.js supports _static expressions_ *that don't have any reference to the model* such as `where: $user.level = 2` for all events.
For instance, a user is allowed to read or edit `Orders` (defined with the `managed` aspect) that they have created:
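
Review bot: Dropping "including action and functions" from this footnote leaves the section with no mention of actions and functions at all, while the footnote changed in the first hunk now promises instance-based `where` for bound ones. The visible event list (`UPDATE`, `DELETE` as reject condition) will read as exhaustive, so a reader of this section alone cannot tell that a `where` on an instance-bound action is evaluated against the instance, nor whether it acts as a reject condition as it does for `UPDATE` and `DELETE`. Suggest adding bound actions and functions to the list, or pointing the footnote at the restriction table. Both footnotes are also labelled `<sup>1</sup>` and now say different things, so keeping their wording aligned would avoid a contradiction.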
