• i believe this adds read only functionality to a windows/ad group which is ok. What I was looking at doing was this

    Add windows\ad group helpdesk as a login.

    Give it public access to database

    create a user defined database role that has the read only rights and the one table update

    add this wind\ad group login to the user defined database role

    AM I missing something