A way to restrict access to parts of your realm schema with anonymous login token

I just created a new page where the user can login anonymously. This is a very specific use case, and I don’t want someone maliciously taking that access token from the anonymous login and trying to request other data that I don’t want them to. But I don’t see a built in way to do this… has anyone heard of way to do this? I know there are things like GraphQL directives that seem like they would make a lot of sense for this.