diff --git a/awx/api/permissions.py b/awx/api/permissions.py
index c344778bea..09e6f0f1bc 100644
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -249,4 +249,3 @@ class InstanceGroupTowerPermission(ModelAccessPermission):
 if request.method == 'DELETE' and obj.name == "tower":
 return False
 return super(InstanceGroupTowerPermission, self).has_object_permission(request, view, obj)
-
diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index cbf41d2fe7..726f14295b 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -4487,8 +4487,7 @@ class WorkflowApprovalDeny(RetrieveAPIView):
 obj.deny(request)
 return Response(status=status.HTTP_204_NO_CONTENT)
-
-
+# Placeholder code for approval notification support
 class WorkflowApprovalNotificationsList(SubListAPIView):
 model = models.Notification
diff --git a/awx/main/access.py b/awx/main/access.py
index 936d80efab..32f96a2e35 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -134,7 +134,7 @@ def check_user_access_with_errors(user, model_class, action, *args, **kwargs):
 access_instance = access_class(user, save_messages=True)
 access_method = getattr(access_instance, 'can_%s' % action, None)
 result = access_method(*args, **kwargs)
- logger.debug('%s.%s %r returned %r', access_instance.__class__.__name__,
+ logger.error('%s.%s %r returned %r', access_instance.__class__.__name__,
 access_method.__name__, args, result)
 return (result, access_instance.messages)
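Review bot: The switch from `logger.debug` to `logger.error` in check_user_access_with_errors records every access-check result, allowed or denied, at error severity, which looks like leftover debugging rather than an intended change. The message formats `args` with `%r`, and those are whatever the caller passed to the `can_*` method, presumably including request data for create checks, so submitted field values may end up in production error logs while real errors get buried in noise. Keep the call as `logger.debug('%s.%s %r returned %r', access_instance.__class__.__name__,`; if denied checks need visibility, log only the denial, without `args`. The function starts above the hunk.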
@@ -2824,13 +2824,18 @@ class WorkflowApprovalTemplateAccess(BaseAccess): @check_superuser def can_add(self, data): + ''' + A user can create an approval template if they are a superuser, an org admin + of the org connected to the workflow, or if they are assigned as admins to + the workflow. + ''' if data is None: # Hide direct creation in API browser return False else: return (self.check_related('workflow_approval_template', UnifiedJobTemplate, role_field='admin_role')) def can_start(self, obj, validate_license=False): - # Super users can start any job + # for copying WFJTs that contain approval nodes if self.user.is_superuser: return True diff --git a/awx/main/models/workflow.py b/awx/main/models/workflow.py index e59c98f1cc..c2b9427df9 100644 --- a/awx/main/models/workflow.py +++ b/awx/main/models/workflow.py @@ -684,6 +684,7 @@ class WorkflowApproval(UnifiedJob): from awx.main.signals import model_serializer_mapping # circular import self.status = 'successful' self.save() + self.websocket_emit_status(self.status) changes = model_to_dict(self, model_serializer_mapping()) changes['status'] = ['pending', 'successful'] activity_entry = ActivityStream( @@ -701,6 +702,7 @@ class WorkflowApproval(UnifiedJob): from awx.main.signals import model_serializer_mapping # circular import self.status = 'failed' self.save() + self.websocket_emit_status(self.status) changes = model_to_dict(self, model_serializer_mapping()) changes['status'] = ['pending', 'failed'] activity_entry = ActivityStream(
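Review bot: The new comment in can_start, `# for copying WFJTs that contain approval nodes`, replaces `# Super users can start any job` directly above `if self.user.is_superuser:` and no longer says what that branch does, so a reader auditing this access class loses the statement that superusers bypass the check. Keep both facts, e.g. `# Superusers can start any job; can_start is also needed when copying WFJTs that contain approval nodes`. The can_add docstring names org admins of the workflow's organization, but the visible body only has `@check_superuser` and a `check_related(..., role_field='admin_role')` call, so the org-admin claim should be confirmed against check_related or reworded. The docstring would also be more conventional with `"""` quotes per PEP 257. can_start continues below the hunk.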
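Review bot: `self.websocket_emit_status(self.status)` is placed between `self.save()` and the ActivityStream entry in the `@@ -684,6 +684,7 @@` hunk, and the same placement repeats in the `@@ -701,6 +702,7 @@` hunk for the 'failed' path. If the emit raises, the approval or denial is already saved but the activity-stream record that follows would not be written, leaving a gap in the audit trail; whether the call can raise is not visible here. Moving the emit after the activity entry has been saved, or guarding it so a websocket failure cannot abort the audit write, would make the ordering safe. Both methods start above and continue below their hunks.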