Eric Starr over at Anthillizer provides a how-to for creating an Auditor Role in your AnthillPro. He suggests default “read” or “view” permissions across the board but no execute permissions. Seems like a reasonable strategy for most teams.
Anthillizer is on a bit of a security kick recently and provided some cheat sheets for security settings.