I see - so I'll need to wait until the end of the day to check if this will work since others are using the Customer Maintenance task throughout the day. 

Scripts are loaded fresh each time you start the program.  You don't have to wait.  Users won't see the change until they restart their copy.

OK that's good to know. Well, I've checked Company Maintenance and found that All External Access was already checked. I'm not sure exactly how to compile the script and get the prompt - last time I added the script, it didn't prompt and I didn't make any changes in Company Maintenance, other than change the SMTP port to use TLS.

You can manually compile through a button in the lower left of the UDS Maintenance screen.

Click this and it should show a list of event scripts to recompile.

Thanks, getting closer, just seems to block everyone (including admin) from making changes to the SalespersonNo field (it seems that SalespersonNo field was correct as well as the table AR Customer Master). I've tried closing Customer Maintenance, applying the role in User Maintenance and reopening Customer Maintenance, but it won't allow me to change SalespersonNo - the "not authorized prompt is working there" but it blocks even if the user has the role that should be able to make this change. When I added the role to the user account, I tried using All Company as well as the specific company this should affect since that's the one that relates to this customer's file.

The only part I changed in Louie's script was "admin" to "SalesPerson" - I created a role with exactly that name (capital S and P), but that didn't allow me to modify the SalespersonNo when I applied the role to my own account. When I open the SalesPerson role I created in Role Maintenance, I see the role shown as SALESPERSON, so I tried to change the script using all caps and recompile - still not working, unfortunately. I wonder what I'm doing wrong here now. 

I also tried to allow the SALESPERSON role allow permissions (Create, Modify, View, Remove) in Role Maintenance for AR, Maintenance, Customer Maintenance - I only made this change in the Role Maintenance - Tasks tab. Looking in to the options in ODBC Security tab - looks like this alone could possibly control the SalespersonNo from being modified? I'd never looked in this tab before. Doesn't work either, unfortunately - still can't modify salesperson even when given the role set to do so.

The IsMember check may be case sensitive.  Match the case in Role Maintenance to what's in your script, and recompile.

Edit:

ODBC security is only for external query access, nothing functional.

Edit 2:

Change your filter to:

oSession.ASObject(oSession.Security).IsMember("admin") = 0

Hmm, I can't figure it out - I tried deleting the role and recreating it as simply "salesperson" (all lowercase). I modified the script as such and recompiled, applied role to test user - nothing. Tried granting the "salesperson" role all permissions to Customer Maintenance - nothing. 

Can you help me understand the "<>" in the script Louie shared? Should it be either < or > instead? I saw that your script differs in this regard.

<> means "does not equal". 

My understanding is that a successful IsMember match is above zero, not necessarily 1.  Zero definitely means no access.

So if =0 then SetError.