Now while I would recommend only granting access to the areas a users needs to perform their job function (taking a ‘least privilege’ approach to security) the risk for granting read only access is less than over provisioning on accesses that can transact with the system.
The goal with this is that we want to grant all menu item displays at a Read level to the user, this would give them access to every form in the system without the ability to transact at all.
1) Go to System Administration -> Security Configuration
2) Go to privileges and create a new privilege
3) Click on Display Menu Items then click on ‘Add References’
4) In the dialog that pops up, click on the check mark in the menu bar next to ‘Name’ (this selects all options in the dialog)
5) In the bottom of the dialog, select which permission you would like to apply across all selected items (in our case we would select the Grant option on Read)
6) Click OK
Once we publish this privilege, we can validate that this process was successful by selecting our privilege we just created and clicking on ‘View Permissions’:
If you have any questions please feel free to reach out!
Some content first apeared in An Update to ‘Creating a Read Only Role for D365FO – User Interface’ by Alex Meyer