Go under file > manage > security, create a new privilege set in the privilege set tabs, and work with the settings under the "records" drop down. Select "custom privileges" and you will be able to get granular control over the permissions of view/edit/create/delete/field access.
There is tons of stuff in the filemaker support kb about this kind of stuff:
(that last link is old but covers exactly what you're looking for).
You should look into custom menus as well, as you can disable things like record navigation that way.
Mike gave you some great links on how to manage this with accounts, but you might consider a different approach altogether: Don't let them enter in the table at all. Have all entry be done in a separate "entry" table, and then move the data over in a controlled manner. In the long run this might be much simpler and easier to keep secure.
One problem with keeping everything in one record is deciding when to "lock" the record. When they commit it? 5 minutes after it's created? The next day? You'll likely implement a "record" button that indicates the record is complete; instead of setting lock flags to prevent further changes this button could move the data to the table of record and delete/archive the entry record.
User privilege sets for the table of record would allow view only. The script to "move" the data could run with full access privileges.
Just something to think about. I've found this methodology to be efficient and flexible. I especially like that allows you to bypass Record Validation entirely in the "entry" table. You can validate the data with calcs and alerts, giving you much more control over the user experience.