Action Permissions
As an Approvals administrator, you can assign security permissions for users so that the application actions are accessible to only certain user profiles.
There are two categories of actions related to approvals:
Submitter Actions
Approver Actions
Submitter Actions
- Preview approvals
- Submit for approvals
- Cancel/recall approvals
- View approvals history/comments
- Internal user (a user with direct Salesforce org access)
- Community user (external users who are authorized to take approval actions)
Approver Actions
- Approve
- Reject
- Reassign
- Add an ad hoc approver
- Take ownership of queue/role requests
- Add comment
- Email approval
- Email rejection
- Internal user (a user with direct Salesforce org access)
- Community user (external users who are authorized to take approval actions)
- Backup user
- Delegate user
- System admin
- Backup admin
- Read/Write access to the context objects on which the approval is required (primary object and child objects). Read/Write access is needed as the system updates certain fields on these objects, such as Approval Status, Approval Preview Status, Status, when user performs various approvals actions using the user credentials.
- Read/Write access to Approval Request, Approval Request history, and Approval Process instance as the system creates and updates records in these objects when the user performs various approvals actions using the user credentials.
- Read access on other approval objects, such as Approval Process, Approval Rule, Approval Rule Entry, Approval Rule Assignee, Approval Rule Dimension, and Approval Matrix, to access the approval process and rule details.
|
Approvals Object |
OWD (Org Wide Default) Settings |
Sharing Rules |
Approve/Reject Actions |
Reassign Approver |
Add Ad Hoc Approver |
|---|---|---|---|---|---|
|
Approval request object |
Public read only |
None |
Only my steps. Not for anyone else |
|
Cannot add an ad hoc approver at any step. |
|
Private |
None |
Only my steps. Not for anyone else |
|
Cannot add an ad hoc approver at any step. |
|
|
Public read/write |
None |
Only my steps. Not for anyone else |
|
Can add an ad hoc approver at any step. |
|
|
(Preferred setting) |
Public read/write |
Public read only |
Only my steps. Not for anyone else |
|
Can add an ad hoc approver at any step. |
|
Approval Object |
Description |
Submitter |
Approver |
Backup Admin |
Backup Approver |
Delegate Approver |
Approval Admin |
|---|---|---|---|---|---|---|---|
|
Approval Request |
Tracks the approvals needed from a given user on a given object |
|
|
|
|
|
|
|
Approval Request History |
Stores history of the approval requests |
|
|
|
|
|
|
|
Approval Process |
Stores the definition of the approvals needed for a given object. This include
|
|
|
|
|
|
|
|
Approval Process Instance |
Represents an instance of a single end-to-end approval process that is generated during approval execution |
|
|
|
|
|
|
|
Approval Rule |
Similar to approval process. Also represents a sub-process / child process linked to a given step in the primary approval process. |
|
|
|
|
|
|
|
Approval Rule Assignee |
Similar to approval process. |
|
|
|
|
|
|
|
Approval Rule Dimension |
Represents an approval rule dimension. |
|
|
|
|
|
|
|
Approval Rule Entry |
Represents a single entry in an approval rule. |
|
|
|
|
|
|
|
Approval Matrix |
Specifies user approval levels and authorized discount percentages. |
|
|
|
|
|
|
|
Context Object |
Represents the approval context object. |
|
|
|
|
|
|
Visibility of Approvals Data
Approval data, such as approval requests and approval request history, is available to any user with read access to the approval context objects or to the objects used for approvals.
