Hi Team,

We have a workflow having worker, manager and approver role where Approver should not able to update the property value instead Approve or Reject action on the case and that we have achieved by restricting from the front end. 

Third party security testing team found security vulnerability where from backend Approver can able to modify/update the properties value using some Burp penetration tool.

Can you please guide how to restrict Approver to make modification i.e. that check should be on server side.

Regards,

Rajesh