How to set permissions on a file so only backend logic can read it?

I have a sensitive file that I need to secure such that it is only readable in the backend logic. I have been struggling to get the permissions configured correctly to fit this use case.

Whenever I invoke a backend API service from the frontend, all backend logic invoked afterwards seems to inherit the role of the user that made the original API call. So I apparently need to set explicit read permissions for every single one of those roles on the file I want to secure or it isn’t readable. But this has the undesired side effect of enabling regular authenticated users to access this sensitive file.

What I really want is to set it up such that ONLY the code running on the backend has access to this file. I can’t figure out how to make that happen with the permissions system - please help!

Try this. I have not checked, but I suspect it should work. I modified only the READ permissions for the demo purposes: