As an Approvals administrator, you can assign security permissions for users so that the application actions are accessible to only certain user profiles.

There are two categories of actions related to approvals:

  • Submitter actions
  • Approver actions

Submitter Actions

Submitter actions are performed by the user who is trying to submit an object for approval. These actions include:

  • Preview approvals
  • Submit for approvals
  • Cancel/recall approvals
  • View approvals history/comments

The following users can perform submitter actions:

  • Internal user (a user with direct Salesforce org access)
  • Community user (external users who are authorized to take approval actions)

Approver Actions

Approver actions are performed by the user who is part of the approval chain for a given object. These actions include:

  • Approve
  • Reject
  • Reassign
  • Add an ad hoc approver
  • Take ownership of queue/role requests
  • Add comment
  • Email approval
  • Email rejection

The following users can perform approval actions:

  • Internal user (a user with direct Salesforce org access)
  • Community user (external users who are authorized to take approval actions)

Other Approval users are: 

  • Backup user
  • Delegate user
  • System admin
  • Backup admin

Users need the following permissions to perform any approval actions: 

  • Read/Write access to the context objects on which the approval is required (primary object and child objects). Read/Write access is needed as the system updates certain fields on these objects, such as Approval Status, Approval Preview Status, Status, when user performs various approvals actions using the user credentials.
  • Read/Write access to Approval Request, Approval Request history, and Approval Process instance as the system creates and updates records in these objects when the user performs various approvals actions using the user credentials.
  • Read access on other approval objects, such as Approval Process, Approval Rule, Approval Rule Entry, Approval Rule Assignee, Approval Rule Dimension, and Approval Matrix, to access the approval process and rule details.

Approvals Object

OWD (Org Wide Default)

Settings

Sharing RulesApprove/Reject ActionsReassign ApproverAdd Ad Hoc Approver
Approval request objectPublic read onlyNoneOnly my steps. Not for anyone else
  • Can reassign My Approval request
  • Cannot reassign others' approval requests
Cannot add an ad hoc approver at any step.

PrivateNone

Only my steps. Not for anyone else


  • Can reassign My Approval request
  • Cannot reassign others' approval requests

Cannot add an ad hoc approver at any step.


Public read/writeNoneOnly my steps. Not for anyone else
  • Can reassign approval request at any step
Can add an ad hoc approver at any step.
(Preferred setting)

Public read/write


Public read onlyOnly my steps. Not for anyone else
  • Can reassign My Approval request
  • Cannot reassign others' approval requests
Can add an ad hoc approver at any step.


The following table describes the permissions required by different user profiles

Approval ObjectDescriptionSubmitterApproverBackup AdminBackup ApproverDelegate ApproverApproval Admin
Approval RequestTracks the approvals needed from a given user on a given object
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
Approval Request HistoryStores history of the approval requests
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
Approval Process

Stores the definition of the approvals needed for a given object. This include

  • General information
  • Step and step dependencies
  • Initial and final submission actions
  • Email notification templates
  • Read
  • Read
  • Read
  • Read
  • Read
  • Read
  • Write
Approval Process InstanceRepresents an instance of a single end-to-end approval process that is generated during approval execution
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
Approval RuleSimilar to approval process. Also represents a sub-process / child process linked to a given step in the primary approval process.
  • Read
  • Read
  • Read
  • Read
  • Read
  • Read
  • Write
Approval Rule AssigneeSimilar to approval process. 
  • Read
  • Read
  • Read
  • Read
  • Read
  • Read
  • Write
Approval Rule DimensionRepresents an approval rule dimension.
  • Read
  • Read
  • Read
  • Read
  • Read
  • Read
  • Write
Approval Rule EntryRepresents a single entry in an approval rule.
  • Read
  • Read
  • Read
  • Write
  • Read
  • Read
  • Read
  • Write
Approval MatrixSpecifies user approval levels and authorized discount percentages.
  • Read
  • Read
  • Read
  • Read
  • Read
  • Read
  • Write
Context ObjectRepresents the approval context object. 
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write
  • Read
  • Write

Visibility of Approvals Data

Approval data, such as approval requests and approval request history, is available to any user with read access to the approval context objects or to the objects used for approvals.