Making the system read only for the users
What would be the best approach to make the system read only, that is, users can login and access the system but cannot Create & Modify the records?
Is selecting all the Create & Modify privileges and disabling them recommendable?
Don’t mess with the roles/privileges themselves (some of them cannot be disabled). Go to the Roles node in the Java client (Admin tab, User Settings, Roles) and open all those that have to do with create or modify. Go to the User tab on each role, select all users, remove them and you should be good.
Kevin, I guess you were saying to remove the Create & Modify Privileges from the Privilege Tab of Each Role. Is that the correct understanding?
The Role could be tied to lot of other kind of privileges as well so removing the Users might not be feasible.
No, do not alter the roles in any way. Simply remove the roles from the users (easier to do that from the roles than from the users, as there can be LOTS more users than roles). What you end up with is that every user only has the minimal Read-Only and Discover roles that are needed to find things and look at them. If you later want to add back specific roles, you can do so, but since you only want users to look at things, Read-Only, My Profile and a role that allows them to discover things are all that is needed.