Restrict Updates in Dynamics 365 when not the owner of that record in D365
At present we have restricted the HubSpot App on our tenant due to Integration that can be setup with Dynamics 365. We want to allow Hubspot but we want to restrict updates being made in Dynamics 365 where the user setting up the integration isn't the owner of that record in D365.
My understanding is that we need to update Security Roles in D365 WRITE permission to User/Business Unit only to stop updates from HubSpot updating records in Dynamics that the user doesn't have rights to update.
Any experience in this and is amending Security Roles in D365 to stop Hubspot updating records it shouldn't beased on record ownership?