With model option Data Privacy enabled, we have setup roles to define read and write access.
Even if a role has read access, users are still allowed to change data and 'play with the numbers' in their own private versions. When publishing, users will receive a warning message that some updates were not allowed. There is no indication which of the updates were allowed with write access or not allowed with read access.Only the updates with 'write' access can ultimately be published.
To prevent this warning message and confusion with end users: