Also, skipping add-relationship authorization if either end has legacy attribute - since this would be covered in authorization of entity-update