Thanks for the post. If a user is set to read-only but they are still able to make changes it is likely they may have alternate permissions set on a project level, or they are a member of a user group that has project-specific permissions.
I’d recommend checking the project level first by going to Administration > Projects, then going into the configuration for the project that they were able to make changes to. On the project configuration page, go to the “Access” tab, and locate the user in the list. On that page, you’ll see a column for global role, showing the user’s default permissions, and the next column will show any project specific roles that have been assigned to them. If there is no option selected there it will default to the global role.
Beyond that, you will also want to check on the same access tab if there are any user groups created that have project-level permissions. Again, if nothing is selected it will default to each user’s global role, but if a user is in a group that has project specific permissions selected, it will override the default user role. If any groups there are listed with permissions selected, go back to edit the user and remove them from any groups if necessary.
If you’d like, you can find more details about setting up user permissions in the guide here:
If you’ve checked the above and you’re still having issues with read-only users being able to make unwanted changes, please reach out to the support team at email@example.com and we’ll be happy to help.