Should the sales person have access to reject the data they submitted or should it only be the managers that can reject data? I thought that's the way its suppose to work but the sales people have access to reject their own data they submitted. Is that a setting that can be turned off or is that the way the program is suppose to work? Any insight would be greatly appreciated. Thanks in advance.
No, that is not the intent of the application. It means that the sales person has access into higher levels of the workflow hierarchy (they have review rights into their parent nodes).
In other words, your security structure is not set up properly.