Permission / query for "unauthorized" role not working for authenticated "user" role

[felixhagspiel]

hey all!

I have a table invites and a permission variable profile-id for authorized users. I want authorized users to be able to select all invites where the creatorProfileId matches profile-id from the headers. This is working.
In addition, I want unauthorized users AND authorized users be able to select a single invite, if they know the ID, e.g. invite_by_pk(id: $id).
This query is not working when the user is authorized. What is the hasura / graphql way of doing this? I thought about adding a dedicated view, but I assume that there is an easier solution.