A group of technically-primitive end users needs universal edit/save co-authoring access to an XLSX workbook in Sharepoint.

They all need read/write access and at the same time (let's call that co-authoring) so in a narrow window of calendar time, they can all update the many various rows and columns they are responsible for.

We need them to open it only as Excel-Online, not as real Excel 201X .

We need to prevent them from checking it out or deleting it.
Ideally, we need them not to be able to download it (for version sanity).

Is there some sub-set of custom permissions we could put into effect for this file (or, if necessary as a fall-back, an entire site) that would establish: Open in Excel-Online .NOT full client, Edit, .NOT. Check-out, .NOT. Delete file?

Thanks, in advance, for your knowledge from experience.

• Edited by commander-scott 7 hours 49 minutes ago sentence fragment

You can create a custom Permission Level to handle the Not-Delete. You can configure the library to not support checkout and to default to Open in Excel Online. 

So, you would need to dedicate a library to these files.