In the On-Prem world, with InfoPath forms and standard workflow (SP2010) we designed forms which had their permissions changed soon after creation - so that only certain approving managers could see or access them.
Now, we are moving to 365, using Ninex 365 Forms and Workflows on Lists. We have in place solid governance rules in place for our migrations to SharePoint Online, and these cover permissions, and this includes the solutions we build there.
I would like, for my solutions, to have the ease-of-design afforded by item-level permissions, as I have on-prem, with permissions changed by workflow (once anyway). But there is push-back against this, on grounds of governance and support.
So - what are the pitfalls for item-level permissions?
What are others doing here? Are you controlling this tightly, or is 'the wild west'?
I would be grateful for any feedback on this.