I'm not sure I can answer your specific question, but I do have another suggestion. Create a new group for read-only people. That way, if you get more users like this one, you can simply assign them to the proper group.
Also, in the user and/or group permissions (in admin tool), you should be able to select all states in a workflow and set them with the proper permissions in just a few. Clicks. I could see the need for your API if you've got a ton of workflows.