Disable "Schedule New Process" button for FND_READ_ONLY users.
We are a public company so compliance is a major factor in our security implementation. Our support specialists and 3rd party implementation team members have full access to our test and dev environments but only have a 'Read Only' account in our production environment. There have been no issues with this setup until last week when one of these "Read Only' users was able to kick off the 'Submit Financial Orchestration Events' process pulling in over $2 million worth of duplicate invoices.
When a user has the FND_READ_ONLY attribute enabled on their account it would be ideal for the 'Schedule New Process' button to be unavailable to them.