Restricted Shells: Sometimes Persuasive but Usually Fallacious
If access control decisions cannot be left to users and need to be enforced at the system level, Mandatory Access Control (MAC) systems like SELinux can be used to write policy that defines exactly what can and cannot be accessed on a system, regardless of who the owner of the resource is. In essence, you write a policy that defines the exact set of objects the server needs access to, and the system will allow access only to these objects, regardless of the user, group, or permissions of the user launching the process or of the process itself. An insecure way to allow CRUD operations is to allow direct SSH access to a database server and have users run queries directly on the database.
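The MAC decision described above can be modelled next to a classic owner/mode check to show why the identity of the launching user stops mattering. This is an added example, not code from the original article and not SELinux's implementation; the policy table, the sample files and the function names are constructed for illustration, and the discretionary check is simplified to owner and other bits.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str   # SELinux-style type the process runs in

@dataclass(frozen=True)
class File:
    path: str
    owner: int
    mode: int     # classic permission bits
    type: str     # SELinux-style type label on the object

# Constructed policy: the only accesses the web server domain is granted.
POLICY = {
    ("httpd_t", "httpd_sys_content_t"): {"read"},
    ("httpd_t", "httpd_log_t"): {"append"},
}

def dac_allows(p, f, perm):
    """Discretionary check (simplified): owner/other bits, and root bypasses it."""
    if p.uid == 0:
        return True
    bit = {"read": 4, "write": 2, "append": 2}[perm]
    shift = 6 if p.uid == f.owner else 0
    return bool((f.mode >> shift) & bit)

def mac_allows(p, f, perm):
    """Type enforcement: default deny; uid and file ownership are never consulted."""
    return perm in POLICY.get((p.domain, f.type), set())

def access(p, f, perm):
    """Both layers must agree, so MAC can only narrow what DAC permits."""
    return dac_allows(p, f, perm) and mac_allows(p, f, perm)

# Constructed sample objects and a root-owned server process.
INDEX = File("/var/www/html/index.html", owner=0, mode=0o644, type="httpd_sys_content_t")
SHADOW = File("/etc/shadow", owner=0, mode=0o000, type="shadow_t")
ROOT_HTTPD = Process(uid=0, domain="httpd_t")

if __name__ == "__main__":
    for f in (INDEX, SHADOW):
        print(f.path, "DAC only:", dac_allows(ROOT_HTTPD, f, "read"),
              "DAC+MAC:", access(ROOT_HTTPD, f, "read"))
```
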
Source: gravitational.com