It would be better if you could share some more details and screenshots of which dashboard in your model you're talking about, but it totally depends on what user role has been given to the user and if that role has read access to all modules, and the same goes with actions.
@Dikshant thanks for the reply. We haven't started development/implementation work yet but just thinking for the future. I am curious though if a user with read-only roles could still approve, in either the enhanced workflow or through standard functionality. I believe if they want to write data back to the model it wouldn't work, but curious about just the approval component.
Let's take an example you have a Finance Analyst role. After 15th of every month until the end of the month, you want to give read-only access to certain analysts. You can design this in two different ways:
First you can create a user specific DCA Setup and in all the Budgeting Modules you can use that DCA to restrict access.
Second approach is you can create a Finance Analyst Read-Only role and assign this role to the respective users. This role will have similar module access but as a Read only.
And using automation both design can be automated. But the second approach will be a bit complex in terms of automation. DCA approach is simple check/ uncheck of Booleans for each users. You can also assign groups to each users and lock bulk users to a specific group all at once.
@Dikshant I appreciate the response. I understand the approaches for setting up read-only access, whether through DCA or through a read-only role. However, I am still trying to understand if a read-only role can approve something, if they're not required to write something back to the model, such as a comment.
Read-only roles will not be able to approve anything. In that case, you need to control the read/write via DCA. So their model role will have write access, but then you control the approvals via DCA. With DCA, also make sure workspace administrators will be able to import into cells to which they don't have access. So all your end users must be non-workspace administrators.
I found some information in the Workflow training and it does specify that read-only users can approve tasks, but it doesn't specify if they can add comments.