The average ProcessIt! user should be set up with Author access to the database (with the right to create documents)
When a request is in Draft mode--in other words, before it has been sent for approval--anyone can edit it. Once it is has been sent for approval, the only people who can edit the request are (a) the current approver(s), (b) the administrators of that workflow (as defined in the Workflow Configuration form) and (c) any people who have been designated as "Approvers on Behalf" for that particular workflow step (also set up in the Workflow Configuration form).
The workflow engine automatically sets and resets Authors fields in the requests to manage this whole process of who-can-do-what. Course, if you want to provide additional access or to give it tighter security (such as limiting who can see the request), you can add additional Authors and/or Readers fields into the main form or into your subforms.
Smart people building sophisticated applications & workflow tools for Lotus Notes, IBM Lotus WebSphere and the Internet