From the blog of Alex Meyer, D365FO and Fastpath product expert:
In the past, I’ve written about the Table Permission Framework functionality within D365FO but recently I’ve had numerous examples of this causing D365FO users issues when setting up security. Because of this, I wanted to write about it again to explain how the feature works, how to troubleshoot security errors caused by the TPF, and how to remediate it.
Table Permission Framework (TPF) Overview
As a recap TPF is used to provide an extra layer of security to your high business impact data (credit card numbers, social security numbers, etc). It is an extra check that the security framework does that requires that the user has been granted explicit rights to the table field for them to be able to interact with it. So even if a user has been given Delete permission to a table through a role, duty, or privilege they still need to be explicitly granted permission (can only be View or Update) to a field with this functionality turned on for them to actually have rights to it.