Well, this is a broad answer and may vary from organization to organization, but I can share my dedicated policy for power users to use in conjunction with the ALLOW environment:roles:viewer; role:

ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId IN ("builtin:synthetic.browser.name", "builtin:synthetic.browser.scheduling", "builtin:synthetic.http.name", "builtin:synthetic.http.scheduling", "builtin:synthetic.browser.assigned-applications", "builtin:synthetic.http.performance-thresholds", "builtin:synthetic.browser.kpms", "builtin:synthetic.http.assigned-applications", "builtin:synthetic.http.cookies", "builtin:synthetic.browser.performance-thresholds");
ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId IN ("builtin:failure-detection.service.http-parameters", "builtin:failure-detection.service.general-parameters", "builtin:anomaly-detection.metric-events", "builtin:davis.anomaly-detectors", "builtin:metric.metadata", "builtin:settings.calculated-service-metrics", "builtin:user-action-custom-metrics" , "builtin:custom-metrics" , "builtin:tags.auto-tagging", "builtin:tags.manual-tagging", "builtin:alerting.maintenance-window", "builtin:alerting.profile", "builtin:problem.notifications", "builtin:monitoring.slo");
ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId IN  ("builtin:rum.mobile.name", "builtin:rum.mobile.key-performance-metrics", "builtin:rum.mobile.request-errors", "builtin:rum.source-mappings", "builtin:rum.web.name", "builtin:rum.web.request-errors", "builtin:rum.web.custom-errors");
ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId IN  ("builtin:settings.mutedrequests", "builtin:settings.subscriptions.service");

Hope it helps! At least is not a blank sheet to work on....