I've been studying the Tastypie API documentation for custom authorisation.
There are eight possible methods to implement to create a custom authorisation class.
Give me a list of all objects that the user can [create, read, update, delete]
Give me a list of all objects that the user can create
The question is about philosophy and concepts, and there are actually 3 questions, but let me try to answer you question briefly.
*_list methods are filters of objects user has an access to.
*_detail methods are booleans that tell us, whether we can have an access to the exact object.
read_list - filters objects, that user will see on site.com/api/v1/cool_object/
read_detail - tells us whether user is allowed to view site.com/api/v1/cool_object/2
CREATE - POST
READ - GET
UPDATE - PUT (to upload new entity) / PATCH (to send changed fields only)
DELETE - DELETE
The method was added just for the sake of uniformity and consistency. So you were right to see no practical sense in it.
We can even check it in the tastypie/authorization.py:
def create_list(self, object_list, bundle): """ Unimplemented, as Tastypie never creates entire new lists, but present for consistency & possible extension. """