Limit read/write ability by using roles?

Role 1 I would like to do anything(read/write).
Role 2 I would like to do one thing(read only).
What is a good way to accomplish this?

Configure security on components that have control.

Select the components you want to have security on. Set Role 1 to have Inherit Permissions, and under restrictions select disable and disable events. This will give Role 1 the ability to read/write and Role 2 can only read.