I think there's a bug in the DataPortalOperationExtensions class in 4.5.700. The line is 29:
// CSLA handles Execute/CommandObject as Update operations
// - this is the permission that the client DataPortal checks.
throw new ArgumentOutOfRangeException("operation");
If operation is Delete is returning AuthorizationActions.CreateObject but I think it should be AuthorizationActions.DeleteObject instead.
Definitley a bug.
Added issue: https://github.com/MarimerLLC/csla/issues/341
Copyright (c) Marimer LLC