@xded Select the group you want to have Read-Only access. Click Edit. Click Privileges. Click the box "Limit access of this group", which takes away a lot of admin type functionality.
Typically, for my read-only accounts, I select the following:
- Alarm User
- Case Management User
- Cyber Threat User
- View Management
Obviously, based on your needs these will not be exact. I recommend creating a temporary "dummy" account and test applying different privileges to the account until you are satisfied with the amount of access that account has, then mirror it to all desired users.