As an Approvals administrator, you can control who can access approval actions. There are two categories of actions related to approvals:
Submitter Actions
Approver Actions
Approval Actions Control
The access to Approval action is currently controlled on the standard Approvals page, My Approval page, and from the Approval Center.
Only authorized users can perform Approve, Reject, Reassign, Take Ownership of Queue /Role approval actions:
The assignee of the request
Delegate / Backup for the assignee
Backup Admin User
System Admin User
Only users who receive assignment/reassignment notifications can perform email approval actions.
Only the following authorized users can add Ad hoc approver:
The assignee of the request
Delegate / Backup for the assignee
Backup Admin User
System Admin User
In addition, the current assignee on any request on the My Approvals page can add Ad-hoc approver for any request that is Assigned or Not Submitted status
Submitter Actions Access Control
The access to Submitter actions such as Preview Approvals, Submit for Approval, Cancel/Recall approval, is available to any user who has Read/Write access to the approval context objects as well as to the objects used for Approvals (Approval Request, Approval Process Instance, Approval Request History)
You can also implement additional controls at the project level by writing triggers on the respective actions as follows:
Actions
Trigger to control further access
Preview Approvals Needed
Write a trigger on Insert of Approval Request record
Submit for Approval
Write a trigger on the creation of Approval Process Instance
Cancel / Recall Approvals
Write a trigger on status update of Approval Process Instance