I created a security role that grants users read-only access to groups so they cannot delete or amend anything. However, the group members section (connections) is not read-only. There's still full access to editing the contacts and changing their connection and I'm not sure where to access that permission.
In the administration I went to the security role, and on the custom entities tab I selected the user access level for everything because I only want the owner of the group to have full access to editing, assigning, sharing, etc. Is this the right place to restrict access? If so, why are the connections not grayed out like everything else on the page?