Hi, thanks for your input!
While I agree that roles or similar might help a bit, my threat model is more "what if an attacker gains control of the Fleet application or the server below it". Then they could use the access to endpoints for lateral movement (gaining secrets through "process_env" table etc.).
I agree that my proposal would disable the live queries, but actually, this is the point of the proposal ^^ Maybe my use case is less for incident response, but only for prevention.
However, I don't think that the proposal would stop policies if users don't update (don't consent), because the server could see that the endpoint is on an old version and flag this for everyone (and the user) to see. You won't see what's wrong, but you could see that it is an old version.