A zettel can be marked as read-only, if it contains a metadata value for key read-only. If user authentication is enabled, it is possible to allow some users to change the zettel, depending on their user role. Otherwise, the read-only mark is just a binary value.
No authentication
If there is no metadata value for key read-only or if its boolean value is interpreted as false, anybody can modify the zettel.
If the metadata value is something else (the value true is recommended), the user cannot modify the zettel through the web user interface. However, if the zettel is stored as a file in a directory box, the zettel could be modified using an external editor.
Authentication enabled
If there is no metadata value for key read-only or if its boolean value is interpreted as false, anybody can modify the zettel.
If the metadata value is the same as an explicit user role, users with that role (or a role with lower rights) are not allowed to modify the zettel.
reader
Neither an unauthenticated user nor a user with role reader is allowed to modify the zettel. Users with role writer or the owner itself still can modify the zettel.
writer
Neither an unauthenticated user, nor users with roles reader or writer are allowed to modify the zettel. Only the owner of the Zettelstore can modify the zettel.
If the metadata value is something else (one of the values true or owner is recommended), no user is allowed modify the zettel through the web user interface. However, if the zettel is accessible as a file in a directory box, the zettel could be modified using an external editor. Typically the owner of a Zettelstore have such an access.