Hi Andrea,
This is definitely something that can be addressed with security privileges. You may need to create custom roles to do this, but you can restrict tables to be read, create, update, delete. This is pretty "in the weeds" of the security setup in D365FO, but definitely possible.
Sys admin by default has access to everything, there might be out of the box roles that will provide something similar to the Support Manager role. What we have done in our system is duplicate the out of the box roles and then modified those and assigned them to users.
Pretty much any screen in D365 will show you what privileges/duties/roles have access to a certain page by clicking on Options > Security Diagnostics. From a privilege you can dig deeper into what tables or entities the privilege provides access to and restrict access by only granting "read" and denying "create", "update", and "delete".
I hope this helps, feel free to reach out if you want more information.
Kerstin
------------------------------
Kerstin Newman
Business Analyst
StarTech.com
London ON
------------------------------
Original Message:
Sent: Aug 14, 2019 10:52 AM
From: Andrea Smiley
Subject: Security Permissions
Good Morning, looking to see how other customers, partners or ISV's may have addressed this question we have from a customer using our ISV solution
Customer would like to restrict our module access in D365. They would like these 4 different roles:
1. View Only – Can view all screens our module but no access to modify(Process/Update/Resend) any documents or configurations.
2. Support User – Can view all screens and process transactions in all screens(Allowed to reset/process any documents but no access to delete them. Archive is allowed.) but no access to change anything under Cross References tab, Setup Tab or Settings tab.
3. Support Manager - Can view all screens and process transactions in all screens(including delete) but no access to change anything under Cross References tab, Setup Tab or Settings tab.
4. SysAdmin – Which will have access to everything including configuration changes.
I have 20 years of GP experience, a little new to D3FO. Based on my past experience with GP - this would be something handled within GP security. Is this something the user and their partner should be able to do within security configuration maybe.
------------------------------
Andrea Smiley
Product Manager
Providence RI
------------------------------