I created a vacation tracking list for which I have a workflow to ensure that the requester cannot approve their own vacation!
Even though I 'deleted permission assignment' based on 'created by' and then granted 'read only' permission for that user (created by) using 'Grant permission on item' workflow, the user who 'created' the request can still approve his own vacation. Why? What am I doing wrong? See attached image for full workflow screeshot.
The goal is to prevent someone who created the vacation request in the list to approve their own vacation since they are a manager and are part of the approval group which has design permission over the site. The manager should be able to approve vacation but not their own!
The approvers area a group which have design permission on the site.
Also for more background about my workflow: