[tluyben2]

In a dark past my company did: because these users were paying CMS users, they would not try to hack things, but rather because of the power of SQL and their lack of knowledge, they broke a lot which required backups to restore. We are talking mid 90s and Perl CGI scripts.

[adrianhel]

That sounds kind of terrifying.

[siscia]

Read only access to a replica databases seems quite a sensible choice for me.

If along you expose not the the real tables but views I honestly don't see what could go wrong.

[asdfasgasdgasdg]

The main thing I can think of is that migrations would become much more painful, because your API is the entire capability surface of the relational database you're using -- no more and no less. Hyrum's Law suggests that your users will come to depend on every facet of it.

Then again, no doubt there are some cases where this is the best solution. But it's worth being cautious before adopting an approach like this.

[kerblang]

The parent poster's grammar is kind of bad but I think their idea is to expose only views, not actual tables, so there is some degree of dependency immunization. Views are a pretty good poor person's substitute for an API right & proper.

[nicoburns]

Could you not have given them read-only access?