In SEPM version 11 there were no admin rights for package, resulting in every admin having the rights to deploy packages using the SEP console.
In SEPM version 12 package rights were introduced.
An admin with the right of READ ONLY can see all the details of packages, install settings, and install feature sets, but CANNOT deploy packages.
Conversely, an admin with FULL ACCESS rights can deploy packages to group but can change (and thus, for example delete or make every sort of mess with) packages, install settings and install features.
In my opinion this is a regression from version 11.
I think that another user right should be added ("DEPLOY") since obviously in large corporates roles are defined granularly and, more often than not, people who deploy software are different from system administrators.
After all, "limited administrators" are created just to grant people a limited set of rights.
Thanks for your attention.