When a non admin users orders a catalog item which calls a flow to create a catalog item you will see the below error - The requested flow operation was prohibited by security rules.
Should have a flow designer that contains "create catalog task" action and adding catalog item variables from available to selected in flow designer, non admin users will see the below error - "The requested flow operation was prohibited by security rules".
Having the flow set to "Run As User" that triggered the flow. In this case, it is trying to insert the cat task as non admin user who does not have permissions to create catalog tasks
a) give Non admin user a role that would grant him create right on the sc_task table
b) add an ACL to that will grant him create on sc_task table
c) change the flow to Run As System