Restrict role to see sub-workflow and run transition

I have 3 questions on the workflow about ACLs.

  1. One of my workflow has 2 level of approval: financial department and accounting department. I set the ACLs for transitions and states corresponding to the roles. So, it’s supposed that the accounting department’s people cannot see or run transitions of financial department and vice versa. However, in reality, it does. I was trying to look around but cannot find why or how to prevent this yet.

  2. I have another workflow for service request with 2 sub-workflows and there are 2 main roles on this: manager and technician. At first, the manager will take action on the main workflow. Then, when the turn comes, technician will take action on sub and sub-sub workflow. But the thing is, the technician can see the main workflow of manager and run the transition on it (like point #1). And the manager can run the 2 sub-workflows of the technician also. Can we prevent it?

  3. After finishing running a sub-workflow, is there a way to trigger the main/parent workflow to a new state? Because for now, the manager needs to check the current state of sub-workflow before he can run transition of main workflow.