Cliodhna Egan asked on Success Community for a workaround to allow some users to edit approved records without granting them Modify All Data permission (aka making them a System Administrator).
This record is on lockdown 🔒
As of this writing, when a record is submitted for approval it becomes locked to prevent users from editing it. Most of the time this is desired behavior, especially once the record has been approved. For example, if the Sales Manager approves special pricing then that information should not change unknowingly, the Sales Manager should be expected to approve and sign off on any changes.
But I need to edit the lockeddown approved record… 🔓
Occasionally, you may have a business process where you need certain, non-admin, individuals be responsible for minor-edits and adjustments to locked, approved records. These might be your “delegated administrators” for certain departments or a trusted member of a business division who’s day job is to own and manage these approved requests.
The Solution
As far as I know, approved records can only be edited by unlocking the record in the Final Approval Action of the Approval Process. But just because we unlock the record that doesn’t mean we have to lose any of our security around who can and cannot edit the record.
In this solution, we walkthrough an approval process on Opportunity and we want to authorize certain non-admins permission to edit them once approved.
We will implement this solution using:
- Custom checkbox field on Opportunity
- Custom Permission assigned to profile or permission set
- Validation Rule that disallows editing if the Opportunity is approved and user not assigned our permission
- Workflow Field Update to check our field to indicate record is approved
- Approval Process that will upon Final Approval run our field update and unlock the record
Step 1: Create Checkbox on Opportunity
In Setup, navigate to the Opportunity object and create a custom checkbox field named “Approved” that is unchecked by default. No user needs view or edit access to this field, we will use a Workflow Field Update to automate checking this field in our Approval Process.
Step 2: Create Custom Permission
In Setup, create a Custom Permission labeled “Can Edit Approved Records”. In and of itself a custom permission is nothing more than words. We will give it power by assigning it to users in Step 3 then referencing in our validation rule in Step 4.
Step 3: Assign Permission to Users
In Setup, navigate to the desired profiles and/or permission sets that you want to grant this new permission to. Any users assigned to those profiles and/or permission sets will have this permission. Again, this is nothing more than a badge of honor, it is up to our application to actually make it mean something and enforce it. That’s the purpose of our validation rule in Step 4.
Step 4: Create Validation Rule
In Setup, navigate to Opportunity object and create a new validation rule. If both the Approved__c checkbox is true AND the current user has not been assigned our Custom Permission then the user will get error when trying to edit the record, otherwise the edit will go through like normal.
Step 5: Create Workflow Field Update
In order for our Approval Process to update our new custom checkbox field we need a Workflow Field Update. In setup, navigate to Field Updates and create a new one that simply sets the checkbox value to true.
Step 6: Approval Process Final Approval Actions
Great, all our pre-work is complete and we can now update our Approval Process. In the Final Approval Actions section, edit the Record Lock option to Unlock the record for editing and to fire our Field Update from Step 5.
Now that the record is unlocked then users have the ability to edit approved records. The validation rule enforces that approved records are only editable by our authorized users.
Here’s screen shot showing that an approved record is not editable for users not assigned the custom permission. Assign the user the custom permission and the save will succeed as desired.
Douglas C. Ayers 
Hello Doug:
Below please find my suggestion ….
The Solution
As far as I know, ******to edit an approved record can only be done ****** [I believe the prior segment would be easier to read if written as follows] {approved records can only be edited} by unlocking the record in the Final Approval Action of the Approval Process. But just because we unlock the record that doesn’t mean we have to lose any of our security around who can and cannot edit the record.
LikeLiked by 1 person
Thanks for the suggestion. I’ve updated the post.
LikeLike
In validation Rule $permission is not available ? how can you did this ?
LikeLiked by 1 person
Hi Anvesh,
Please note that Custom permissions are not available in Group or Professional editions. If you are in one of those editions then the $Permission syntax might not work for you.
Doug
LikeLike
Thanks Doug for your valuable reply….i noticed one more thing…after set up all these No users can able to edit other than custom permission assigned users..but if system admin unlock the record also still users can not able to edit. (my requirement is system admin can able to give access through ‘unlock record’ button at the same time the users in the custom permission can able to edit record but restrict to ‘unlock record’)
LikeLike
I have something like…in approval process, Final approval step record gets locked…..so after approval of the record it gets locked and not able to edited by users…but i want to give editable access to only 2 users after approval process..its like bypass the approval process for 2 users from record lock or give edit access for those 2 users only…any help highly appriciated
LikeLike
if i give modify all through permission set then user can access the record but he can also get access to ‘unlock Record’ button…it should not be happen. (comment followed by the above question)
LikeLike
We’re using Enterprise Edition and it can’t find the $Permission function – has anything changed here that you’re aware of?
LikeLiked by 1 person
Hi Adrienne, not that I’m aware of. $Permission global system variable should be accessible in validation rules and process builder criteria.
LikeLike
This pretty much nailed exactly what I was trying to do, so thanks! I dont think I ever would have figured that out on my own. Only issues is that it only applies to records that go through the approval process moving forward, not to records that are already approved.
LikeLiked by 1 person
Hi Jason, I’m glad this post helped. Thanks for the kind feedback!
LikeLike
Hi Doug, I have a “Notes” Text field on a custom object that has an approval process. I had to use this because I have a formula that updates the notes added with users Name/Date. Requestors were asking for a constant thread. I’ve been trying to find how to give our normal sales reps access to add to this text box after the record has been submitted for approval.
LikeLike
How to edit the records locked in initial submission action, i want to unlock records automatically when they send for approval process.
LikeLike
Hi Doug
Realise this is a bit old now but have come up against this in my very first Approval Process
Business Case
We have a record that is approved and locked
We want to clone the record which works fine but need the creator or owners of the record ONLY to be able to update a status field indicating Active or not
Your solution above would work perfectly if I can assign the Custom Permission to only the owner or creator
Any suggestions?
Appreciate your help
LikeLike
Excellent information Doug. I implemented this and it worked like a charm! But like Jason commented the problem now is the 400 or so records that are locked – how to find them without opening them one at a time?
LikeLike
I implement all steps but still getting system error message. In Approval Process, there is a field: Record Editability and only Admin or Current Approver can edit records if its approved. With all steps doesn’t unlock this functionality. Is there any other solution to achieve that with custom codes?
LikeLike