Limit Access to Who Create New Request in Workato Apps Workflow App
There's an issue with Workato apps, which would allow a workaround around a workflow. Due to there being no way to limit which members of an app can submit a request, it would allow 1 person to both submit and approve a request. For example:
There are 2 groups allowed to access a de-provisioning request app. HR would put in the request, and it would then be sent to IT to approve it. The issue is, since both the IT and HR groups are members, either/or can submit it, therefore allowing someone in IT to both submit and approve a request. This could be resolved by having customizable group permissions on each page of the app.
Currently the only workaround (see attached screenshot) that I've been able to find is to do it within the processing recipe, by getting all members of the IT group and looping through them to confirm that the person who submitted the request is not a member, and if they are, to immediately reject the request.
This feels like a fairly large oversight, and really impacts the checks and balances aspect of a workflow app.
Jason Spiegel
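The membership check described in the post, sketched as an added Python example (not part of the original post and not Workato recipe code): it rejects a request whose submitter belongs to the approving group, and fails closed when the group lookup returns nothing. The function names, group lists and addresses are constructed for illustration, and the member lists are assumed to come from the identity provider.

```python
def _norm(identity):
    # Compare identities case-insensitively and ignore stray whitespace,
    # so "Bob@Example.com " and "bob@example.com" count as the same person.
    return identity.strip().lower()


def check_submission(submitter, requesting_group, approving_group):
    """Return (allowed, reason) for a newly submitted request."""
    requesters = {_norm(m) for m in requesting_group}
    approvers = {_norm(m) for m in approving_group}
    who = _norm(submitter)
    if not approvers:
        # Fail closed: an empty list more likely means the lookup failed
        # than that nobody is able to approve.
        return False, "approving group lookup returned no members"
    if who in approvers:
        # Also catches a person who is a member of both groups.
        return False, "submitter belongs to the approving group"
    if who not in requesters:
        return False, "submitter is not in the requesting group"
    return True, "ok"


def check_approval(submitter, approver, approving_group):
    """Return (allowed, reason) when someone acts on a pending request."""
    approvers = {_norm(m) for m in approving_group}
    if _norm(approver) == _norm(submitter):
        return False, "approver is the submitter"
    if _norm(approver) not in approvers:
        return False, "approver is not in the approving group"
    return True, "ok"


# Constructed sample data: dana is a member of both groups.
HR = ["alice@example.com", "dana@example.com"]
IT = ["bob@example.com", "dana@example.com"]

if __name__ == "__main__":
    for person in ("alice@example.com", " Bob@Example.com", "dana@example.com"):
        print(person.strip(), check_submission(person, HR, IT))
    print(check_approval("alice@example.com", "bob@example.com", IT))
```
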