Found a loophole that I'm trying to close and looking for ideas. Someone has to have handled this before, surely.
I have a table of inventory records as parent, and change records or "line items" as child
Inventory --< Line Items
During creation of an inventory record, it is stamped with the account name of the account creating it.
Any person can VIEW all inventory records, but can only edit from the account under which it was created.
Since they need to edit their own inventory LineItems, and Create new ones on their own sheets, CREATE access is set to "Yes" for the LineItem table.
Line Item entry is done through a portal. Layout based on Inventory, portal lines showing records from LineItems,
When I view someone else's Inventory record, I can enter info on the blank bottom portal line since I have CREATE access to the LineItems table...but the record isn't actually created until a commit action is taken...so I can enter an entire record while in "uncommitted llimbo" and since it is through the portal, it does not count as "Editing".
Ideally, I would simply set CREATE privileges on the LineItems table and limit them...but Create Privileges are simply Yes/No.
I've tried forcing a "commit" on the line item to make the record exist...but it trips all of the "not Empty" validations and freezes the system.
Short of pulling the privileges out into a script, how do I close this loophole?
Ideas and comments appreciated,