There is a security issue regarding Document Management in Dynamics 365.
In normal situations when a user that needs document access to a record contained within a specific entity that has been enabled through the Document Management Settings cosole, and the user has been added to the SharePoint "Members" security group for that Document Library in SharePoint, everything works fine. The users are able to create, edit, or delete objects from that SharePoint document library from within Dynamics 365.
The problem comes when the user only has access to the SharePoint security group "Visitors" with Read Only access. If this user attempts to view the contents of a record which has not yet had a document library created for it inside the entity that was created from within Document Management settings console, an error is generated and displayed to the user. "Error" "Something went wrong while interacting with SharePoint".
After opening a case with Microsoft, it was found that there was a permission error when Dynamics tries to create the Document Library for the particular record that the user wants to view the contents of. Since the user does not have access to create a new document library, this error is thrown.
It would not make sense for the admin to have to go in and generate all of the document libraries for every record in all the enabled Document Management entities.
This is a huge problem when companies want to create Test Drives in AppSource to showcase demo systems for potential customers, The entire Test Drive Demo would be in read only mode and we do not want to give the Test Drive users access to create anything.
I would suggest something similar to how the Email Server Profile is handled in Dynamics 365 to overcome this shortfall. When enabling Server Based Document Management in Dynamics 365, there could be an option to define a service account to handle the creation of the document libraries for read only users.
Just my 2 cents,