When a user is created they can be nominated as a read-only user. Read only users can view records (including printing and exporting) but they can not create, edit or delete data.

Tip: A read only user is able to approve or reject an approval transaction. 

By default new users are granted read and write access to records. An option is available on the user record to restrict a user to be “read-only”. This feature does not alter which records a user can access (i.e. they still should be added to the appropriate security group) but will prevent this user from creating, editing or deleting any records.

Tip: A user can be made read-only via the User management function. See Creating New Users