Create function for RLS that cannot be called by users

I've created some utility functions that I use in my RLS and they seem to work but some of them could be abused by users to learn about other users. How do I ensure that an authenticated user cannot just call one of these functions on their own? I basically want to restrict the functions to only being called by the backend itself to check the details of a user.