Cliodhna Egan asked on Success Community for a workaround to allow some users to edit approved records without granting them Modify All Data permission (aka making them a System Administrator).
This record is on lockdown 🔒
As of this writing, when a record is submitted for approval it becomes locked to prevent users from editing it. Most of the time this is desired behavior, especially once the record has been approved. For example, if the Sales Manager approves special pricing then that information should not change unknowingly, the Sales Manager should be expected to approve and sign off on any changes.
But I need to edit the lockeddown approved record… 🔓
Occasionally, you may have a business process where you need certain, non-admin, individuals be responsible for minor-edits and adjustments to locked, approved records. These might be your “delegated administrators” for certain departments or a trusted member of a business division who’s day job is to own and manage these approved requests.
As far as I know, approved records can only be edited by unlocking the record in the Final Approval Action of the Approval Process. But just because we unlock the record that doesn’t mean we have to lose any of our security around who can and cannot edit the record.
In this solution, we walkthrough an approval process on Opportunity and we want to authorize certain non-admins permission to edit them once approved.
We will implement this solution using:
- Custom checkbox field on Opportunity
- Custom Permission assigned to profile or permission set
- Validation Rule that disallows editing if the Opportunity is approved and user not assigned our permission
- Workflow Field Update to check our field to indicate record is approved
- Approval Process that will upon Final Approval run our field update and unlock the record
Step 1: Create Checkbox on Opportunity
In Setup, navigate to the Opportunity object and create a custom checkbox field named “Approved” that is unchecked by default. No user needs view or edit access to this field, we will use a Workflow Field Update to automate checking this field in our Approval Process.
Step 2: Create Custom Permission
In Setup, create a Custom Permission labeled “Can Edit Approved Records”. In and of itself a custom permission is nothing more than words. We will give it power by assigning it to users in Step 3 then referencing in our validation rule in Step 4.
Step 3: Assign Permission to Users
In Setup, navigate to the desired profiles and/or permission sets that you want to grant this new permission to. Any users assigned to those profiles and/or permission sets will have this permission. Again, this is nothing more than a badge of honor, it is up to our application to actually make it mean something and enforce it. That’s the purpose of our validation rule in Step 4.
Step 4: Create Validation Rule
In Setup, navigate to Opportunity object and create a new validation rule. If both the Approved__c checkbox is true AND the current user has not been assigned our Custom Permission then the user will get error when trying to edit the record, otherwise the edit will go through like normal.
Step 5: Create Workflow Field Update
In order for our Approval Process to update our new custom checkbox field we need a Workflow Field Update. In setup, navigate to Field Updates and create a new one that simply sets the checkbox value to true.
Step 6: Approval Process Final Approval Actions
Great, all our pre-work is complete and we can now update our Approval Process. In the Final Approval Actions section, edit the Record Lock option to Unlock the record for editing and to fire our Field Update from Step 5.
Now that the record is unlocked then users have the ability to edit approved records. The validation rule enforces that approved records are only editable by our authorized users.
Here’s screen shot showing that an approved record is not editable for users not assigned the custom permission. Assign the user the custom permission and the save will succeed as desired.