Download PDF
Download page Action Permissions.
Action Permissions
As an Approvals administrator, you can assign security permissions for users so that the application actions are accessible to only certain user profiles.
There are two categories of actions related to approvals:
- Submitter actions
- Approver actions
Submitter Actions
Submitter actions are performed by the user who is trying to submit an object for approval. These actions include:
- Preview approvals
- Submit for approvals
- Cancel/recall approvals
- View approvals history/comments
The following users can perform submitter actions:
- Internal user (a user with direct Salesforce org access)
- Community user (external users who are authorized to take approval actions)
Approver Actions
Approver actions are performed by the user who is part of the approval chain for a given object. These actions include:
- Approve
- Reject
- Reassign
- Add an ad hoc approver
- Take ownership of queue/role requests
- Add comment
- Email approval
- Email rejection
The following users can perform approval actions:
- Internal user (a user with direct Salesforce org access)
- Community user (external users who are authorized to take approval actions)
Other Approval users are:
- Backup user
- Delegate user
- System admin
- Backup admin
Users need the following permissions to perform any approval actions:
- Read/Write access to the context objects on which the approval is required (primary object and child objects). Read/Write access is needed as the system updates certain fields on these objects, such as Approval Status, Approval Preview Status, Status, when user performs various approvals actions using the user credentials.
- Read/Write access to Approval Request, Approval Request history, and Approval Process instance as the system creates and updates records in these objects when the user performs various approvals actions using the user credentials.
- Read access on other approval objects, such as Approval Process, Approval Rule, Approval Rule Entry, Approval Rule Assignee, Approval Rule Dimension, and Approval Matrix, to access the approval process and rule details.
| Approvals Object | OWD (Org Wide Default) Settings | Sharing Rules | Approve/Reject Actions | Reassign Approver | Add Ad Hoc Approver |
|---|---|---|---|---|---|
| Approval request object | Public read only | None | Only my steps. Not for anyone else |
| Cannot add an ad hoc approver at any step. |
| Private | None | Only my steps. Not for anyone else |
| Cannot add an ad hoc approver at any step. | |
| Public read/write | None | Only my steps. Not for anyone else |
| Can add an ad hoc approver at any step. | |
| (Preferred setting) | Public read/write | Public read only | Only my steps. Not for anyone else |
| Can add an ad hoc approver at any step. |
The following table describes the permissions required by different user profiles:
| Approval Object | Description | Submitter | Approver | Backup Admin | Backup Approver | Delegate Approver | Approval Admin |
|---|---|---|---|---|---|---|---|
| Approval Request | Tracks the approvals needed from a given user on a given object |
|
|
|
|
|
|
| Approval Request History | Stores history of the approval requests |
|
|
|
|
|
|
| Approval Process | Stores the definition of the approvals needed for a given object. This include
|
|
|
|
|
|
|
| Approval Process Instance | Represents an instance of a single end-to-end approval process that is generated during approval execution |
|
|
|
|
|
|
| Approval Rule | Similar to approval process. Also represents a sub-process / child process linked to a given step in the primary approval process. |
|
|
|
|
|
|
| Approval Rule Assignee | Similar to approval process. |
|
|
|
|
|
|
| Approval Rule Dimension | Represents an approval rule dimension. |
|
|
|
|
|
|
| Approval Rule Entry | Represents a single entry in an approval rule. |
|
|
|
|
|
|
| Approval Matrix | Specifies user approval levels and authorized discount percentages. |
|
|
|
|
|
|
| Context Object | Represents the approval context object. |
|
|
|
|
|
|
Visibility of Approvals Data
Approval data, such as approval requests and approval request history, is available to any user with read access to the approval context objects or to the objects used for approvals.