What i mean is that i would have to individually select each table and set it to read only for the user, as opposed to generically setting read only access for that user system-wide. As you can imagine, we have hundreds of tables, so it would take a long time to set up the user. Additionally, any time we add new tables someone has to remember to request our security team add the new table to the list of read only tables for this user.
Though I don't agree that the why is relevant (since none of the tables that the service account has access to are able to be written to), i would suspect that it's a system setting or a default value somewhere in their tool that tells it to automatically send a TSTART.
I've been told that the 3rd party system that's querying our InterSystems database does NOT start a transaction, but clearly it is, evidenced by the console message that the transaction for that process has been open for more than 20 minutes. I don't have access to their system to help them find it. And they'd be fine if we can lock out their ability to start a transaction (ie, make everything read only for that service account). Unfortunately, I've only been able to make the tables read only and not everything. Make sense?
If anyone is curious, we went the route of creating a shadow server and re-directed their reports to that shadow. The alert still occurs on that server, we just don't monitor it.