What's the best way of restricted who can edit public data in database

I have privacy rules set up for particular data type so that Everyone else can View all fields and Find this in searches.

How can I restrict only certain users to being about to edit this data?

I have an option set called Role and I only want to allow Users with Role: Admin to be able to edit the data.

I can see that Auto-binding can be allowed/disallowed based on Privacy When rules but there doesn’t seem to be a way to blanket allow/disallow editing rights to particular fields in a data type.

Anyone got a nice solution or recommendation for this?

The workflow you will set will update DB and this is using the only when function that you will allow a user to modify some field. You can have multiple WF to update DB with different conditions.
Autobinding is different and doesn’t need to use WF to update DB. This is why you can set privacy rules that will restrict who can modify fields. But in WF, this is done with conditions

Also, you can set condition to an input to make the field disabled base on the current user role.