"One thing Development and Support will always suggest is that you start by cloning the Admin role and then remove permissions you do not think are needed."
--------------------
Wow! Something like this came from a security company? On the Windows side, we always start as User and then add permissions as needed until they have what they require.
Starting someone off as Admin and then pulling permissions leaves the system wide-open. What if you forget to remove a vital permission? That person/role would have full access to do whatever they wanted, or had permissions to do, on the SMP.
My advice would be to clone a user role and add permissions as needed. It may take longer, but at least you're not opening your SMP to possible damage by someone that doesn't know what they are doing.
If you're wanting a business to view Application Metering stuff, they may only need some of the App Metering reports. Give them a user role and "Run Reports" permissions to reports related to App Metering. I wouldn't give them save or schedule permissions on reports because you can find your SMP/database full after they inadvertantly schedule reports to run every hour or so...