An Approvals administrator can control who can access approval actions. There are two categories of action related to approvals:
Submitter actions
Approver actions
Approval Actions Control
Access to Approval actions is controlled on the standard Approvals page, the My Approvals page, and from the Approval Center.
Only the following authorized users can approve, reject, reassign, or take ownership of queue/role approvals:
The assignee of the request
The assignee's delegate or backup
The backup admin user
The system admin user
Only users who receive assignment/reassignment notifications can perform email approval actions.
Only the following authorized users can add an ad hoc approver:
The assignee of the request
The assignee's delegate or backup
The backup admin user
The system admin user
The current assignee on any request on the My Approvals page can add an ad-hoc approver for any request that is in an assigned or not submitted status.
Submitter Actions Access Control
Any user with read/write access to the approval context objects can access submitter actions (such as preview approvals, submit for approval, or cancel/recall approval) as well as the objects used for approvals (such as approval request, approval process instance, or approval request history)
You can also implement project-level control by writing triggers to actions as follows:
Action
Trigger to control further access
Preview approvals needed
Write a trigger on insertion of an approval request record
Submit for approval
Write a trigger on creation of an approval process instance
Cancel/recall approvals
Write a trigger on an approval process instance status update