A read only account should not have access to API tokens
Critical - prevents main use of Rudder | no workaround | data loss | security
Operational - other Techniques | Technique editor | Rudder settings
At least until we heave read-only tokens.
A read_only user can read current tokens and modify them, and gets a full write access to the configuration.