CORE allows some users to reject time entries that were submitted to a different user. Why?
This is because CORE restricts user actions based on the security permissions assigned to them. So users that have full access (all security permissions) can perform any action, including rejecting time entries submitted to other users. If you want to limit the actions that a user can perform in CORE, you should set their security permissions accordingly. Check CORE Help Center for more details.