I do not want anyone outside of my finance department to be able to edit, lock, unlock deposits or delete payments. Is there a way I can limit that to certain users?
Only Treasury Manager and Accounting Manager can unlock, lock, edit deposits. To stop users from editing, unlocking, and locking deposits, remove the Treasury Manager and Accounting Manager roles.
However, the role Delete Permissions combined with other roles such as Director of Development allow users to delete payments. If you don't want users to be able to delete payments at all, remove the Delete Permissions role.
However, if you wanted them to be able to delete a payment that was not in a deposit, then you could leave them with Delete Permissions but remove Treasury Manager and Accounting Manager. Even with delete permissions, users without Treasury manager and Accounting Manager cannot delete the deposit, so if there was a locked deposit, they couldn't do anything about that and therefore couldn't delete the payment. They would receive the error: Data could not be saved. Payments cannot be removed from locked deposits.