Efforts around permissions / read-only also need to incorporate Custom Field permissions.  It is no less important to protect custom fields from update that any other field or transaction.  There can be critical pieces of data stored that have far-reaching impacts (for example used in GL segmentation and mapping) that can currently be updated by ANY PERSON with Platform UI access.  For example, why should a clerical person assigned to input external refunds have the ability to change an "account type" or "business entity" custom fields on the account, which in our tenant are critical for managing multi-org balance sheet assignement.

As a note we have also played around trying to create a "read only" account, by creating a role and unchecking everything.. We were still able to download customer accounts/product catalog/payments/etc. into excel, and we were also able to import files, which would ultimately update all accounts, this was the major red flag we found when trying to implement.  In the read only account, all abilities to import documents would need to be turned off. 

@Kstahl thank you for the feedback and yes, what you observed is the current behavior. True read-only accessible is still under research and our Product Management team will keep this forum updated once we have the ETA or any development.

To clarify prior comment, our team believes the first priority is a true read-only platform role that cannot do anything to update data.

The desire to further refine permissions at a custom field level (e.g. so role A can do updates including custom field X, while role B can do updates but not custom field X) is of lesser importance than the main need.

While WEX uses Zuora for subscription maintenance and reporting only, it would be extremely beneficial to us to have a 'Read Only' user role created to allow for others to view data in the system but not edit adjust the subscription level information.