Merge has always behaved this way, and the behavior is by design. The user doing the Merge is only limited in what they can change by their change permissions to the fields on the form.
Merge can even do things like:

- "remove data from a diary field"
- "alter the 'Create Date', 'Last Modified By', 'Modified Date'"
- "set non-core required fields to null values"

As a point of control I advocate the design idea that a "test4Dup" type Filter logic should be applied to all user accessible forms. If a merge event happens and the user fails to set a *secret* value into a display only field, then the user is not authorized to complete the Merge and the Filter throws an error. Then you can control who can Merge to the form by field permissions [real security] and who knows the *secret* word [obscurity]. :)

Just my two cents.

--
Carey Matthew Black
Remedy Skilled Professional (RSP)
ARS = Action Request System (Remedy)

Love, then teach
Solution = People + Process + Tools
Fast, Accurate, Cheap.... Pick two.
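The two-layer control described in the message above, modeled as an added Python example (not from the original post, and not Remedy workflow): field change permissions are checked first, then a merge-only filter rejects the operation unless a display-only field carries the shared word. The field name `zD_MergeKey`, the group names, the secret value and all function names are hypothetical.

```python
import hmac

# Constructed sample data: every name and value here is hypothetical.
MERGE_SECRET = "example-merge-word"      # the shared *secret* word
DISPLAY_ONLY = {"zD_MergeKey"}           # display-only field, not stored with the record
CHANGE_PERMS = {                         # field -> groups holding change permission
    "Create Date": {"Administrator"},
    "Work Log": {"Administrator", "Support"},
    "zD_MergeKey": {"Administrator"},
}

class FilterError(Exception):
    """Models a filter raising an error, which aborts the merge."""

def merge_guard_filter(operation, values):
    """Reject a merge unless the display-only field holds the secret."""
    if operation != "MERGE":
        return
    supplied = values.get("zD_MergeKey") or ""
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(supplied.encode(), MERGE_SECRET.encode()):
        raise FilterError("Merge not authorized on this form")

def merge(record, values, user_groups):
    """Apply a merge: field permissions first, then the filter, then the write."""
    for field in values:
        if not (CHANGE_PERMS.get(field, set()) & user_groups):
            raise PermissionError(f"no change permission on {field!r}")
    merge_guard_filter("MERGE", values)
    updated = dict(record)
    for field, value in values.items():
        if field not in DISPLAY_ONLY:    # the secret is checked, never persisted
            updated[field] = value       # None models setting a field to null
    return updated
```

Restricting change permission on the display-only field is the enforceable layer; the secret only separates users who already hold that permission.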

