Can teammates write malicious queries?

Chartio is set up with a read-only access user. Teammates with Edit or Admin access to your database can read the data they'd like, but can not do anything to modify the database. Though they would be caught by the database anyway, as an extra level of precaution Chartio scans and rejects any malicious keywords such as DELETE and INSERT before executing queries.

If data access is an issue, you can also further limit access to specific tables.