Preventing psql function execution

I have a utility function to check claims in RLS policies. It seems to be working well but I want to make sure that a user cannot call the function via the api in order to try to learn which users have which levels of access in the event that a malicious actor gains access to another user's uid. How can I restrict the function to use only by the RLS policy?