Access Control
An Approvals administrator can control who can access approval actions. There are two categories of action related to approvals:
Approval Actions Access Control
Submitter Actions Access Control
Approval Actions Access Control
Access to Approval actions is controlled on the standard Approvals page, the My Approvals page, and from the Approval Center.
- Only the following authorized users can approve, reject, reassign, or take ownership
of queue/role approvals:
- The assignee of the request
- The assignee's delegate or backup
- The backup admin user
- The system admin user
- Only users who receive assignment/reassignment notifications can perform email approval actions.
- Only the following authorized users can add an ad hoc approver:
- The assignee of the request
- The assignee's delegate or backup
- The backup admin user
- The system admin user
- The current assignee on any request on the My Approvals page can add an ad-hoc approver for any request that is in an assigned or not submitted status.
Submitter Actions Access Control
Any user with read/write access to the approval context objects can access submitter actions (such as preview approvals, submit for approval, or cancel/recall approval) as well as the objects used for approvals (such as approval request, approval process instance, or approval request history)
|
Action |
Trigger to control further access |
|---|---|
|
Preview approvals needed |
Write a trigger on insertion of an approval request record |
|
Submit for approval |
Write a trigger on creation of an approval process instance |
|
Cancel/recall approvals |
Write a trigger on an approval process instance status update |
