Jitesh,
Before answering the actual question,
Creating two services for two operations is very inefficient and unnecessary. You would basically have same entity and can perform all operations on the same entity within the same service.
Coming to authorization,
Authorization check needs to be done by the ABAP code in *DPC_EXT class's methods. If you want to restrict POST, then you would do this in *CREATE_ENTITY method.
Regards
Krishna