Some users should only have right in JIRA to look around not change statuses or data. An audit role exists, we should be able to assign users to it.
