your use case may become tricky since it depends on certain specifics of the customer use case. Some solutions I have seen around it in the past:
1. Work with a custom solution to create a clone of a record once it became approved and only consider these "read only master clones" as the source of truth for outbound systems
2. There is a versioning capability in the system that allows you to create a read only version of objects that could serve as the master copy. So you could have one "Master Version" where you add all approved objects. The tricky part however is to make sure the surroundings keep consistent. e.g. you version an item classified to structure group A. Now the next time you change the structure group A and version another item. This needs to be tested properly in your use case.
Check the chapter 4.8 of the Desktop UI Manual or its online help for further information on this capability.
We are still pondering upon best suitable option for us.
1 question though for your suggestion for "read only master clones" . Is there any OOB option to make an item as readonly, w/o customizing it?
And we think versioning will not be suitable for us, because we are building our solution in incremental basis. So we cannot guarantee that item's surrounding will be consistent.
Thanks for the feedback!
How about setting the object rights to make that happen?
Not sure if I get your idea about object rights.
I will have to do this for each "readonly" item that gets created. Given this will be an ongoing activity, I will have to automate this. How can I achieve this?
through the customizing itself!? I have limited system access this week. Did you check if maybe setting object rights via the REST API is even possible?