Hi Almog,
you can set up multiple Access rules. One for allowing all user roles to read everything. And additionally some rules with xpath constraints to disallow write access.
Simply use the dropdowns on the access rights tab to define the Read/Write permissions on attribute/association level!
BR,
Frederik
Hi Almong,
What i understand is you have different tenant members either some of those would need read, write and delete and some others only read access, you could achieve this also using a new entity to create group and assign them to relevant group in Administration Account or also create new user roles readonly and others as Edit roles and change access rules accordingly in access rights tab.