Scenario:
An organization has offices around the world. The Web TimeSheet (WTS) administrator has created a departmental setup with the Head Office of the organization at the top of the department hierarchy and each location as a sub-department. There are multiple users in Web TimeSheet with administrator rights. The Web TimeSheet administrator, belonging to the Head Office, who is responsible for the Web TimeSheet setup as an administrator with full access found that the expense approval path of one of the users has been changed and is interested to know who may have changed the user’s expense approval path. This Web TimeSheet administrator has created a user with full administrator rights for each of the offices.

Resolution:
Web TimeSheet does not differentiate between a user with full admin rights at the root company level and a user with full admin rights belonging to a sub-department. As long as a user has full admin rights, he can add/edit/delete approver types and approval paths for users. To resolve the issue, the Web TimeSheet administrator should create a report based on User Profile template under the administration category and run this report to know how many users have admin rights. He should then create a permission profile based on Administrator permission profile, make the required changes to the new profile to ensure that they do not get the rights to change the Web TimeSheet setup like making changes to approver types and approval paths and assign the new permission profile to all those users who previously had admin rights.

Note:
Web TimeSheet does not store logs of actions performed by a user related to Web TimeSheet setup like changes made to approver types and approval paths. So there is no way to find out which user made changes to another user’s expense approval path.