I have to specify access to collections and UDFs that are called by a UDF, that is intended to be public. I do not want my clients to be able to call the underlying UDFs directly, as they accept variable parameters, so there’s a security concern.
For instance, if I may have a method that allows me to log out an account, whom ref is passed as a parameter. If I grant access to this private UDF, my clients will be able to log each other out, which is definitely not what I want. I wish I could grant access to only the top-level UDF so that all the underlying UDFs could get called with no problem, being treated system-level and private.
And if I want a user to be able to like a post, I definitely don’t want him to be able to update posts collection directly and writing a million likes update there.
This won’t be a breaking change, as everything is currently exposed, and nothing will change to the currently configured databases.