If the model is from Workspace Model Registry, the creator of the endpoint must have Can Read permissions on the registered model of any model version that is specified in the endpoint configuration. If the model is from Unity Catalog, the creator of the endpoint must have the EXECUTE privilege on the registered model of any model version that is specified in the endpoint configuration, plus USE CATALOG and USE SCHEMA privileges on the parent catalog and schema of any such registered model.
https://docs.databricks.com/en/security/auth-authz/access-control/serving-endpoint-acl.html