In ERC-20, the approve function is intended for all token holders and is not a "admin-only" action.This is how it operates:
When you call approve(spender, amount), the contract records: msg.sender allows spender to spend up to amount of their tokens.msg.sender is simply whoever sends the transaction. So you can only approve spending of your own tokens, not someone else’s.A random user can’t approve tokens from your balance they can only approve from their own wallet.For this reason, onlyOwner is not used in the majority of ERC-20 tokens. Ownership is not for regular token transfers or approvals, but rather for administrative tasks like pausing, minting, etc.