How to prevent the same user (approver) approving their task?
I have approval workflow that allow everyone to create a request. Once the request has been submitted, it will be routed to departmental approver group based on their AD department. In the event of the approver is the creator, then he/she can approver their own tasks. For security audit purpose, we should prevent the approval notification send to the approver if they raise that request.
Any suggestions will be greatly appreciated.
Solved! Go to Solution.
I got two ideas.
1. Are you using Nintex Forms for Task Forms? In this case you should be able to check if the current user opening the task form is the same user who created the item that is subject of approval. If it's the same person you can disable the submit button or the task outcome field to make it impossible to complete the task (not sure if that's enough for security audit).
2. Another possibility is to query all members of the AD group, save it to a collection variable, loop the collection and check if one member is the creator of the request. In case this person is found inside the collection, kick it out. Afterwards you can assign the task to the remaining collection of users. This would also prevent the requestor from receiving task notification for own request.
these are valid approaches, but it has to be noted they do not prevent to self-approve the request if approval task is re-delegated to the request creator.
I would recommend to customize task form and with rule like CurrentUser == CreatedBy on decision control or submit button prevent to respond the task to the request creator.
Thanks Philipp and Marian.
Agreed to hide the submit button from the creator. I have already have the rule to hide the button when CurrentUser == CreatedBy.
The second suggestion from Philipp is what I'm looking for, so the notification not go to the creator even though the button is hided. I will try implement this in my current workflow.
How are your approvers decided? Is a single task sent to all approvers or do certain conditions mean that request A could go to approver 1 and request B could go to approver 2?
Once you get to the point of selecting your approver, store the user in a variable and then compare that variable to the workflow initiator (or created by) and make sure they don't match. If they do match then you then need to decide how the next approver is selected.
Just an idea, I am not sure how many approvers in your departmental group. If the requestor is the same as approver and only one person, escalate to his/her line manager (If the line manager is setup in AD).