Generally when end user submit their application, i will set the permission as Read (application will use for evidence, not allow them to modify after workflow start), but in some case they want to cancel the workflow. I can see the workflow can be cancelled by manually start a workflow from item menu Ability to cancel a workflow , but manually start a workflow need contribute or edit permission? Minimum permissions to publish or start a workflow
Is it possible to allow end user cancel the workflow but not give them edit permission?
I'd say no. Starting a workflow needs at least contribute permissions so SharePoint can write some protocol information to the item after the workflow started.
We faced a similar problem in one of our projects and helped us by giving everyone contribute permission again so they can start workflows but on the same time we developed an event handler that declined updates made by the creator of the element.