@trwnh I'm not 100% familiar with backend architecture or what you're specifically building, but you did remind me of work I was doing earlier today with Supabase. Which has the concept of "Row-Level Security", where your access to each row of data is dictated by a set of policies applied to that database table.
Common policies are: anyone can read the data, but only admin users can change the data. You can also do a thing where users can only change data on the rows of data that they added.