There currently isn’t a way to prevent a user (even at read-only) from duplicating and stealing an entire base.
Regardless of how granular permissions CAN get, that’s just totally unacceptable from a security perspective. Upon discovering it, we had ...