there is record level locking facilitated by the settings in the privelege set of a user.
You can put a flag field in a table that 0= unlocked and 1 = locked and set the right permissions...
Security>Edit Privelege Set> Records>custom>Edit>Limited and set the calc so that edit is only allowed when flag field value = 0 for each table in which you want to enforce this restriction
Thank you for your response. That technique would prevent anyone I limit to edit the record, yet I can go back as full access, even if I limit myself, and then give myself full access again. Other than a hard copy of the record, how can auditors know that I did not change anything?
When you add the signature/contract it will be timestamped (have a field doing that). If anyone alter the contract, the file, after that FileMaker will see it (FileMaker is automatically storing a check sum) and will tell you that the file has been altered and will not be available.
But ... you are right, a full access account can ALWAYS replace the file, and if he/she is clever enough it is also possible to open the file in an editor and alter metadata.
But if the full access account is a reliable person, then it is not possible to alter the data:-)
This is a fundamental problem with most systems.
Administrators will always have the ability to change anything they want.
What you need is an audit log.
Thank you all for your responses. I am assuming that if I use privileges to limit my own accessibility when locked and a timestamp to verify the time the record was altered, that I would have a valid record during an audit. thanks again!
Also: When you want the user to do something changing the values legally you can do it by a script ... run with full access.