I want to give the field level security for one of the field as [REQ.CREATED_BY] in not submitted status.But i dont want to edit this field by [REQ.CREATED_BY] after request got submitted.I want this field to be editable by requestor only in Not Submitted, not in any other statuses.
We have updated created by token with admin user after request submittion. But in search requests page,it is showing admin user as creater for requests.
We had to do something similar one time, and with PPM we didnt found the way.
The solution for us was to make a copy for created_by and after submited the request changing the owner with a trigger to the new role we wanted to can edit the request's fields.
In porlets and request we show the copy of request field created by, but for PPM the real owner is the new one we changed via trigger. In this way the creator cant modify fields anymore but the owner can.
The copy of created_by is the field we see as visible in the request. All the elements that involves that request type(porlets, reports, searches), are customized to take that copy as the "real" created_by field, you can filter always by that field, maintaing the real one hidden only for security purpose.