APEX

I have an application in Apex 3.0 that has 3 levels of authorization.
1. Can view everything and edit everything
2. Can read everything but can not edit anything
3. Can only view some pages not all but can't edit anything

I created an access control administration page and an authentication
function.
On the main menu page, If I say authorization is edit privileges, this
works fine. When a user who only has view access logs on, they only
see links to the pages they have access to see.

What I cant figure out is the 2nd level, users can read something
but not edit it
Each item on a page has a read only section
If I say something like Read only is an SQL expression :APP_USER in ('user 1','user 2')
this works fine; these users see the items but not edit them
But this means that I have to hard code each user id on every item and edit each item every
a new user is added

If I say the page or the item has authorization = edit privileges, than the users with
view only access dont see anything. That's not what I want. I want them to see it, but not edit it.

I tried to add something to the read only section of an item that said like
sql expression :admin_privileges = 'EDIT' ( this is a column on the APEX_ACCESS_CONTROL table)
but same results, instead of read only, the view only users saw nothing

Any thoughts on how I can allow people to view but not edit?

Alternatively is there someway to says users are members of a group and say each item is read only for that group?