Notifications

1455 views

Description

  • When a non-admin user orders a catalog item that calls a flow to create a catalog item you will see the below error - The requested flow operation was prohibited by security rules.
  • Flow can not create service catalog task when it's initiated by an ITIL user

 

STEPS TO REPRODUCE:

  1. create a flow for a catalog item
  2. add a "create catalog task" action
  3. set the flow to run as "user who initiates session"
  4. impersonate "ITIL user"
  5. Submit catalog item

Release or Environment

All versions

Cause

This is the expected behavior

An ACL is preventing the catalog task from being created
name: sc_task, operation: create, required role: catalog_admin
/sys_security_acl.do?sys_id=1c494140db960010c28f5223dc9619fa

Resolution

  • change the flow to Run As System
  • or modify the above ACL so users without catalog_admin can create [sc_task] records

Article Information

Last Updated:2020-01-07 17:36:54
Published:2020-01-08