I have templates set with dynamic fields, with each template having a read only field to limit what other fields are populated. This works flawlessly in the Client, but in laserfiche Scanning any user can change this field, even though the security is set to read only across the board. 

This is the view of a user, or even the admin/service account group in the client. This works for importing or creating new documents in the incoming docs folder. This folder is also the only location files can be added. The security is set to prevent members of one group/branch from accessing any info from other branches. 

When I choose to scan a file, as any user, even read only users, I am able to choose the various branches listed in the database table:

This is also true for non-dynamic fields, a read only list field except to certain members is available to modify in scanning. 

This is a major security hole for this project, and I'm at a loss for finding the root cause. The security on this field is Read-Only across the board. No service accounts need to change this field, it's there to restrict the look-up only. I've tried explicitly denying everything but read access to this field and a branch user was still able to edit this field.