Read-Only mode (optional) for certains orgs (typically: production)

[mehdicherf]

Is your feature request related to a problem? Please describe.
Salesforce CLI is a powerful tool. Sometimes too powerful. I'm always a bit stressed when authenticating against a Production org since it is (really) easy to alter or delete data and metadata if using a command that was meant to be executed in a different environment (and I'm pretty sure it actually happened to distracted or unlucky consultants /admins: https://twitter.com/altius_rup/status/1390675825872224259?s=20), or to execute a "deploy" command instead of "retrieve".
This issue makes the Salesforce CLI less appropriate to work in production, compared to some of the legacy tooling (developer console ; workbench) where there was less risk of executing an incorrect command.

What are you trying to do
I would like to be able to query data and retrieve metadata from an org using the convenience of the Salesforce CLI (and VS Code extensions), but without any risk of this access being used to execute risky commands such as force:data:bulk:delete or force:source:deploy commands (which are easy to execute by mistake).

Describe the solution you'd like
When authorizing an org, I'd like to be able to pass a parameter to specify that this authorization is granted only for a "Limited / Read-Only / Restricted" mode, which would allow me to execute only a limited set of command through this authorization:

• force:data:soql:query
• force:data:bulk:status
• force:data:soql:query
• force:data:tree:export
• force:mdapi:describemetadata
• force:mdapi:listmetadata
• force:mdapi:retrieve
• force:mdapi:retrieve:report
• force:source:retrieve
• force:user:list
• [edited:] + additional commands listed below by jkranz-rk
• (and maybe other commands that don't change anything in the target org ; but those listed above are the most useful for my "read-only" use cases)

Describe alternatives you've considered
The alternative I'm using is to authenticate only for a very limited time in Production, and deauthenticate right after I've executed my queries (and re-doing it any time I have to query data or metadata from Prod). It's time consuming but it's safe :-)

Additional context
This would ease the move to Salesforce CLI (and VS code extensions) for admins/power-users/consultants that used to rely on the Developer Console and Workbench (which are much more "idiot-proof" than the CLI and the VS Code extensions)

[github-actions]

Thank you for filing this feature request. We appreciate your feedback and will review the feature at our next grooming or sprint planning session. We prioritize feature requests with more upvotes and comments.

[uip-robot-zz]

This issue has been linked to a new work item: W-10231813

[jkranz-rk]

I would love this feature. I find the CLI to offer a lot of value in pulling and gathering data and metadata from Production orgs but worry about accidentally executing a change. In addition to the commands listed, some others I would like to see allowed in such a read-only mode:

• force:apex:log:get
• force:apex:log:list
• force:apex:test:run
• force:apex:test:report
• force:limits:api:display
• force:limits:recordcounts:display
• force:schema:sobject:describe
• force:schema:sobject:list

[DougMidgley]

Cannot help but support the above!

[eltoroit]

Love the idea ❤️

[cristiand391]

Link to GH discussion post: #2189

[WillieRuemmele]

Please use the linked discussion above