In theory it could be added to the ORM but I do not think it will be a good idea because the JSON-RPC is designed for the client usage. So we want that such error message being raised (to fix them) if the client is trying to read something the user can not because it should not (we added code that normally avoid such case). And we do not want to show something as empty because user is not allowed to see it.
But your use case is probably one of the cases for which I think REST API for user application will be useful.