diff --git a/packages/core/src/services/query.service.ts b/packages/core/src/services/query.service.ts
index 5ff3952a5..ff9bf23ca 100644
--- a/packages/core/src/services/query.service.ts
+++ b/packages/core/src/services/query.service.ts
@@ -245,7 +245,7 @@ export interface QueryService<DTO, C = DeepPartial<DTO>, U = DeepPartial<DTO>> {
    * @param item - the record to create.
    * @returns the created record.
    */
-  createOne(item: C): Promise<DTO>
+  createOne(item: C, opts?: UpdateOneOptions<DTO>): Promise<DTO>
 
   /**
    * Creates a multiple record.
diff --git a/packages/query-graphql/src/resolvers/create.resolver.ts b/packages/query-graphql/src/resolvers/create.resolver.ts
index 8d3b2f9b6..b1bbd66cb 100644
--- a/packages/query-graphql/src/resolvers/create.resolver.ts
+++ b/packages/query-graphql/src/resolvers/create.resolver.ts
@@ -134,11 +134,10 @@ export const Creatable =
         @AuthorizerFilter({
           operationGroup: OperationGroup.CREATE,
           many: false
-        }) // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        })
         authorizeFilter?: Filter<DTO>
       ): Promise<DTO> {
-        // Ignore `authorizeFilter` for now but give users the ability to throw an UnauthorizedException
-        const created = await this.service.createOne(input.input.input)
+        const created = await this.service.createOne(input.input.input, { filter: authorizeFilter ?? {} })
         if (enableOneSubscriptions) {
           await this.publishCreatedEvent(created, authorizeFilter)
         }
diff --git a/packages/query-typeorm/src/services/typeorm-query.service.ts b/packages/query-typeorm/src/services/typeorm-query.service.ts
index 685e49491..8556380c5 100644
--- a/packages/query-typeorm/src/services/typeorm-query.service.ts
+++ b/packages/query-typeorm/src/services/typeorm-query.service.ts
@@ -3,6 +3,7 @@ import {
   AggregateOptions,
   AggregateQuery,
   AggregateResponse,
+  applyFilter,
   Class,
   CountOptions,
   DeepPartial,
@@ -191,9 +192,15 @@ export class TypeOrmQueryService<Entity>
    * ```
    * @param record - The entity to create.
    */
-  public async createOne(record: DeepPartial<Entity>): Promise<Entity> {
+  public async createOne(record: DeepPartial<Entity>, opts?: UpdateOneOptions<Entity>): Promise<Entity> {
     const entity = await this.ensureIsEntityAndDoesNotExist(record)
 
+    const passesFilter = applyFilter(entity, opts.filter)
+
+    if (!passesFilter) {
+      throw new Error('Entity does not meet creation constraints')
+    }
+
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
     return this.repo.save(entity)