The "Audit" permission is basically just flagging that any access (or changes, if allowed) by that user will be audited with InternalAuditSuccess (or rarely, Failure) events in LEM.
Modify / Access are the actual "permissions" that dictate whether a change can be made.
Here's the role summary from the user guide:
- Administrators are users who have full access to the system, and can view and modify everything.
- Auditors are users who have extensive view rights to the system, but cannot modify anything other than their own filters.
- Monitors are users who can access the Console, but cannot view or modify anything, and must be provided a set of filters.
- Contacts are users who cannot access the Console, but do receive external notification.
- Guests are users who have extensive view rights to the system, but cannot modify anything other than their own filters.
My guess is that you and your co-admin should be administrator users and others should be auditor users (can see everything but can't make configuration changes).