Disable front-end query or protect some fields

Is it possible to disable queryAnywhere and make queries from functions and webhooks only? I don’t want to let users make queries as they please.

If the answer is no, how do I dictate some field values? Eg: fields like created_at owner_id should be set from the backend only.

I’d be glad if anyone has a tutorial for proper CRUD rules with.

Have you found a solution?

Ended up making database collections read, write, insert, delete protected and handling db queries from private system functions.