It seems I can only give one role per person / group. But I need them to be able to submit, and view all entities.
+1
I solved this with various workarounds (such as custom access templates) but it felt like a head scratcher when the more natural approach would probably be a separate role (can view all entities plus submit new ones)
Or potentially implement an access templates feature for databases (and spaces) so that workspace admins can create customized access roles?