User with only SELECT permissions can can insert, update or delete records.
vulners.com/securityvulns/securityvulns:doc:8971