When running Monitor, a user needs to have "Modify All Data" or "Modify Metadata Through Metadata API" permissions, and "Author Apex" is further needed if we want to monitor Apex classes. I understand why an user would need these when comparing for a deployment, but for a more "read-only" use case like running Monitor, is it possible to lessen the permissions needed?

Context: we're looking into using Gearset for auditing purposes, and the Monitor feature looks to fit our needs; that said, if in order to monitor production changes requires the user to have full deployment permissions (and author apex), it introduces a security risk that the monitor user has deployment perms, instead of just having read-type perms