Ability to restrict ability to update other’s personal settings/option for out of the box roles is not available; In technical terms, option to set “Basic” level of access for “User Setting” privilege in any custom or out of the box Security role is not present. Current options are None, Local(BU level), Deep( Parent Child BU) or Global (Organization). And for most of the out of the security roles default privilege is set to Local(BU level).
Local(BU level) access level allows an users to change personal options/setting for other users using D365 SDK or community tools. Currently there are no means to block an user to update setting for other users if we would like to keep personal option setting enabled.
This is a security issue/gap and here is a scenario –