At the most basic level, Velixo is governed by the same access rights as Acumatica. So if you want to control access to various Velixo features, you can do so by controlling access to the screens used for those elements in Acumatica:
Drilldown - Account Details and Project Transaction Details
GL Writeback - Journal Transactions
Budget Writeback - Budget
The first time you connect to a tenant, the system will prompt you to create the generic inquiries that are necessary to support Velixo Reports.
To do that, you need access to the Generic Inquiries page within Acumatica (or MYOB Advanced). At a minimum, a user would require DELETE access to that page.
If you do not have sufficient access to the Generic Inquiries page, an error will be displayed.
Once the inquiries have been created, you only need to have Read access to the VelixoReportsPro-*** inquiries (from the Hidden or Data Views section of the site map) to be able to use Velixo Reports.
Under typical circumstances, all Acumatica (or MYOB) users have access to all of the VelixoReportsPro-*** inquiries.
Confirming Access to Generic Inquiries
To verify the permissions, open Acumatica's Access Rights by Screen page (SM.20.10.20).
You then want to expand the area where the Velixo inquiries are listed. This area can vary, based on whether or not you are using Velixo Reports in Easy Start or Customization Mode, and your version of Acumatica.
When using Customization mode with an up-to-date version of the Acumatica Customization Project, you will want to expand the Velixo area. When using Easy Start Mode, you will want to expand the Data Views folder (or Hidden folder if you're using version 2019 R1 or earlier):
All the inquiries that Velixo Reports uses will have the prefix VelixoReportsPro-
(note: You may have other, custom Velixo inquiries. These will typically have the prefix Velixo)
Within that folder, scroll down to the data views that begin with VelixoReportPro-
When Not Set is assigned to all roles (as shown above), Acumatica will ALLOW every role to have access to the inquiry.
However, any change can affect all users
As soon as access rights are directly set for ANY role...
... Acumatica will DENY access to the inquiry for every other role which is configured for Not Set. (i.e., does not have an access right which has been explicitly configured).
In this situation, one of the following access rights MUST be set for any roles which require access to Velixo Reports: View Only, Edit, Insert, or Delete.
For additional information on access rights levels, refer to this Acumatica help article: Levels of Access Rights
Restriction Groups (aka 'Row-Level Security')
As the name suggests, Restriction Groups provide the ability to restrict accounts, subaccounts projects, etc. on a user-by-user basis. Velixo Reports supports the user of Restriction Groups. More information about configuring this type of security can be found in the Acumatica Documentation.
It should be noted that, after changing the restriction groups configuration, you should always do a Full Refresh in Velixo to synchronize your local cache