I am working with a group that has multiple people managing a group of ASA's. Is there an ASA equivalent to the IOS configuration mode exclusive command? To make it so only one person at a time can be in configuration mode?
Didn't know about that IOS command, very interesting!
I am not aware of any such command on the ASA.
Some other more painful options:
I have a client that doesn't let anyone know the whole enable password, only half of it. So to make a change you have to get two people who know a different half of the enable password to make a change. In your case, the change approver could be the only person who knows the second half, and then there is one person who knows who is in enable mode at any one time.
Use TACACS+ with a OTP (one time password), and only let the person who approves the changes control the OTP. Google Authenticator is free and can be used with the free TACACS server.