Have a DB which is used by the help desk at our company. For most users they are only reading the docs. On the docs that they need to read I have placed a Readers field with the role they are in, I made their access level in the ACL Author because they do need to place entries in the DB which are then reviewed and placed as a reference doc if valid.
Problem is I tested with a user yesterday and the visibility based on the reader field with his role worked perfect, only issue I have is When he went to create a new doc, he entered the test record, hit esc and tried to save. He get the You are not authorized to perform that operation, shouldn't the Author level in the ACL allow them to save an entry. I don't want to do an Author field as I do not want the user to be able to edit once the doc is approved. I have a Reader field which is used temporarily while the doc is in a pending status that does allow them access, but I take that away and they only have Reader access once the doc is approved.
What is a good option here.