User can't edit but can still delete?

I just setup a password collection and shared it to a few people, it’s a bit of an experiment at the moment.

I set it that the users could edit except passwords, which initially seemed exactly what I wanted, I wanted people to be able to access passwords and add new stuff to the collection, but not change existing stuff.

Tried to edit a password and it didn’t let them, perfect! Then somebody created a password on a website, then went to delete that password. They selected the one above and deleted that. So they’d now deleted something that they couldn’t edit. Is this normal operation? Seems really odd to be able to disable editing but it still allows you to delete the whole thing?