FileMaker's security is always going to allow you to be able to edit a field if you're able to create that field. What I would do is create a new table with a 1-to-1 relationship to the main table and give them the ability to add fields to the new table, but not the main table that you want to keep secure from them.
It's not the ability to add a field that I'm worried about, but the ability
to edit data in browse mode to fields they add using Modify on the top
right of the toolbar. I was logged in with Full Access so I'm not sure if
that would enable the situation where all my users do not have FAPs.
Thanks for the idea, I'll test and post back here.
Only a Full Access account can modify schema. When using a restricted access account these capabilities do not show.