Constraints are business rules of which the logic is specified in SQL. One type of constraint, the restrictive constraint, specifies which data is allowed to go into the database, and which not. The Rules Engine checks validity of database transactions against the USoft Developer repository containing the constraint specification. If a transaction violates the rule it is rejected.
Another type of constraint is the corrective constraint. Corrective constraints themselves manipulate data in the database. These manipulation attempts are also checked by the Rules Engine.
SQL select statements executed in the process of constraint evaluation are executed by the Rules Engine regardless of the authorization settings.
On the other hand, insert, delete and update statements are only actually executed if appropriate manipulation rights have been specified.
In short, you need data manipulation rights (delete, insert, and update rights) to have the Rules Engine perform manipulations on the data as a result of corrective constraint firing, but you do not need rights to have the Rules Engine evaluate restrictive constraints.
For more information on constraints, read the chapter on "Constraints" in the USoft Definer Guide.