An Approvals administrator can control who can access approval actions. There are two categories of action related to approvals: 

  • Submitter actions
  • Approver actions

Approval Actions Control

Access to Approval actions is controlled on the standard Approvals page, the My Approvals page, and from the Approval Center. 

  • Only the following authorized users can approve, reject, reassign, or take ownership of queue/role approvals:
    • The assignee of the request
    • The assignee's delegate or backup
    • The backup admin user
    • The system admin user
  • Only users who receive assignment/reassignment notifications can perform email approval actions.
  • Only the following authorized users can add an ad hoc approver:
    • The assignee of the request
    • The assignee's delegate or backup
    • The backup admin user
    • The system admin user
    • The current assignee on any request on the My Approvals page can add an ad-hoc approver for any request that is in an assigned or not submitted status.

Submitter Actions Access Control

Any user with read/write access to the approval context objects can access submitter actions (such as preview approvals, submit for approval, or cancel/recall approval) as well as the objects used for approvals (such as approval request, approval process instance, or approval request history)

You can also implement project-level control by writing triggers to actions as follows:

ActionTrigger to control further access
Preview approvals neededWrite a trigger on insertion of an approval request record
Submit for approvalWrite a trigger on creation of an approval process instance
Cancel/recall approvalsWrite a trigger on an approval process instance status update