Sontu,
JDE security is very flexible but can be somewhat complex as a result of that flexibility.
This knowledge document on My Oracle Support is a pretty good overview with a lot of links to the sub-topics: Overview and Use of Security Workbench (P00950) (Doc ID 626545.2)
But you should probably also use the Security Administration Guide for any in-depth research.
A couple of general ideas, though.
You will likely want to give them access to the inquiry functions on applications, just not the action functions like Add/Change/Delete. That can be done through Action security (Type 1).
In addition to that, you could also limit them to run only the applications they will be supporting (Type 3). For example you could add a Type 3 row in security workbench where Application Security is N for application of *ALL. Then add a row for each specific application (example, P01012) with a Y that allows them to run it. If they access a lot of different applications this could get a bit tedious, though, and you need to make sure you add back in the basic stuff like changing your password, etc. You can also use the *ALL trick on Action security as well only making Add Change Delete all N, as an example.
This will likely take you several iterations to get right. I recommend allowing the user only access to a test environment until everything is locked down the way you want it.
Don't forget to lock down OMW functions and other system set up things like OCM so they can't circumvent your controls.
Lastly, set this security up via a role and assign the role to the user rather than assign the security directly to their user ID. Might seem obvious but I had to say it.
Good luck.