this is refering to an article concerning read only accounts for MWG7 administration.
It's clear that the permissions can be used to assign access rights to roles, but there are two problems:
It's very inconvenient to set the permission to each rule set and especially to each list, instead of having a kind of top level object to set it (like in error or log handler). Of course, there is the possibility to add a top level ruleset just for this purpose and move all rule into it. But on the lists, no way. Every list has to be configured seperatly.
But much more important:is there no possibility to prevent a read only user from adding new rulesets, lists and even save the changes? I can remove the permission for viewing the ruleset, but this is not what I want. I just want a user being able to see everything without the possibility to change, add or save something.