We have this high level business process specifications:-
Any users inside our organization can create a new request.
The system will send an email to the user's direct manager to approve or reject. this can be done using a "Manager Approval" drop-down list which have 2 options "Approve" & "Reject"
If the request type is "Financial"
The Financial manager need to approve this request as well, after the manager approval. this can be done using a "Financial Manager Approval" drop-down list which have 2 options "Approve" & "Reject"
Once approved by the Financial manager or the manager (incase it is not financial request) the request will be closed.
Closed requests can not be modified by any user or manager.
now we want to implement these restrictions as well:-
when the process is assigned to the manager or the financial manger then only the related manager can edit the item. for example when it is assigned to the user's manager, then neither the user nor the financial manager can modify the item.
the user's manager and the financial manager can only modify their approval lists ("Manager Approval" & "Financial Manager Approval" ), and they can not modify the user's submitted data. also the users should not be able to modify the managers drop-downs.. either on the client side or on the back end site.
So is this business process something that can be achieved using Dataverse and Power apps ?? or dataverse is not designed to cover such a process?
Thanks in advance for any help.
when the process is assigned to the manager or the financial manger then only the related manager can edit the item. for example when it is assigned to the user's manager, then neither the user nor the financial manager can modify the item.
Yes, this can be controlled by security roles providing only user level read & Edit permissions on the record. and assign the record to each user based on the stage (Supervisor, Financial Manager etc). so they can only view/edit records assigned to them.
the user's manager and the financial manager can only modify their approval lists ("Manager Approval" & "Financial Manager Approval" ), and they can not modify the user's submitted data. also the users should not be able to modify the managers drop-downs.. either on the client side or on the back end site.
This can be achieved with a combination of JavaScript and Plugin/workflow. JavaScript to validate the client side to lock/unlock the fields for users based on the current user. Open only approval fields for approvers and lock approval fields for requester.
Additionally, you can have a simple plugin or custom workflow which could validate who is updating the record and which field is being updated and throw errors accordingly.
On top of all that you do have audits which can capture who modified what record and when, which can use to track down unauthorized updates.