Custom Admin Roles / Group Membership Read Only Role

We have a need to define a custom admin role in Okta. We are using Okta groups to drive permission roles for certain applications, and it would be fantastic if we could create a custom role that would allow certain members of org leadership to view who exists in these Okta groups, but not make any changes to group membership, and not able to view any other part of Okta.

The best we have right now is Read Only for all of Okta, which exposes information about users, applications, etc. Or Group Membership manager, which would allow these persons to add/remove from these groups which could create chain of approval issues where users get unexpected permissions to the applications.

Thanks for sharing @meganl! Please also post on our Okta Ideas page for others to vote on your feature request as well