You have created a new security role that only has read access. However, if members of this security role are using "DeleteSoftwarePackage" method, they can delete packages that they shouldn't have access to. 

Steps to reproduce:

1. Create new security role (do not grant ANY access or privilege)
2. Add test user to the security role
3. Try to delete a Software Package
4. The package is deleted

ITMS 8.7.3, 8.8
Deployment Solution 8.7.3, 8.8

Defect

This issue has been reported to our Development team. A fix for this has been added to our next release: ITMS 8.8.1

There is a pointfix available for our Deployment Solution 8.7.3 release.
Refer to CUMULATIVE POST ITMS 8.7.3 POINT FIXES

https://bsg-jira.broadcom.net/browse/CRE-21868