There is some case for security of data. We might disallow for import data.
Many I know how to do that?
By access right?
There is no access right for that as export is just read access and import is create/write access.
But you may be interested by Issue 10301: We should limit data received by RPC calls - Tryton issue tracker
You may be interested in this module:
It prevents users from exporting and importing data i any model unless they are in the “Export/Import” group the module adds.
But this does not prevent a malicious user to export the data by just using read calls or to import by using create.
It will not, it is only to prevent malicious dummy users.