In The Financial Edge database, Accounts Payable has a business rule that allows you to require invoice approval before an invoice can be posted or paid. Security groups with the appropriate security rights can approve invoices and other security groups who do not have these rights cannot edit the Invoice's status at all.
FAST! is a section of Accounts Payable where users can enter multiple invoices and can commit those to the database all at one time. Currently users who do not possess the rights to edit an invoice's status are able to edit and set an invoice to an approved status in the FAST! Datasheet. When they commit the invoice, it shows as approved and may be posted or paid. FAST should uphold the group's security rights and a user without rights to should not be able to edit the invoice status.
We are currently evaluating this issue and will update this article when we have more information.