How do disable user for Import and Export data?

There is some case for security of data. We might disallow for import data.
Many I know how to do that?

By access right?

There is no access right for that as export is just read access and import is create/write access.
But you may be interested by Issue 10301: We should limit data received by RPC calls - Tryton issue tracker

You may be interested in this module:

It prevents users from exporting and importing data i any model unless they are in the “Export/Import” group the module adds.

But this does not prevent a malicious user to export the data by just using read calls or to import by using create.

It will not, it is only to prevent malicious dummy users.