Separate out Query (ie."Add Query" ) security permissions
Change the security to allow the separate inactivation of the "Add an Ad-hoc query" button from the Analysis > Query section for users with permission to run queries (through permission to the Query section in general)
Blackbaud Product Development confirmed the rights to run, edit, add are an all in one general, top level Query section permission.
Please see case 12114379 titled "BBECRM How to inactive "Add Query" button".
This would be a great feature and allow us to expand the usage and utilization of BBCRM throughout the Institution