"Read only" access to Admin Console reports

In order to prevent the possibilty of unwanted/unauthorized changes made in the Admin Console, I would like to severely limit the number of people who have access to it. Ideally, only a few people who should be able to make changes. However, a broader group of people need to be able to access the Admin Console, so that they can read and understand the settings that have been applied. Currently, there is no "read" vs. "read/write" distinction applied to SiteCat. I would like this to be appiled, so that I could set up a group of users who essentially have the abiliy to access, explore, and understand all of the settings that have been appiled, but have no ability to make changes to any setting.