I have a sensitive file that I need to secure such that it is only readable in the backend logic. I have been struggling to get the permissions configured correctly to fit this use case.
Whenever I invoke a backend API service from the frontend, all backend logic invoked afterwards seems to inherit the role of the user that made the original API call. So I apparently need to set explicit read permissions for every single one of those roles on the file I want to secure or it isn’t readable. But this has the undesired side effect of enabling regular authenticated users to access this sensitive file.
What I really want is to set it up such that ONLY the code running on the backend has access to this file. I can’t figure out how to make that happen with the permissions system - please help!
