Wondering what is the general rule for security in each server action (e.g. just security provider, or both SP + SR)?

Hey all,

As the title suggests - i’m still building out the app - but will need to soon start to make sure I have everything secured as best as possible.

In any action that the recruiter would require to be logged in, I always have the ‘Security Provider’ and I use that to then get user info. But I see posts every so often on the forum of people always also using the security restrict on workflows?

I use an action file for my node pages that has both security provider and restrict - but wondering if it is best practise to also put the security restrict on each workflow that requires the user to be logged in to use?