> How you even enforce it ?

  DENY DELETE TO [agent] ON DATABASE::current;

(yes, the recommended way would be to simply grant only SELECT,INSERT,UPDATE but if I were the DBA here I would definitely put in place an explicit deny)