06-04-2025 07:57 AM
I'm building a process Engine flow that will add a user to a group when the RITM is approved. Every time the flow runs, it errors on the Create or Update Record Action with the following:
    {
      "Action Status": {
        "code": 1,
        "message": "Error occured while inserting record: null"
      }
    }
I've tried:
- Using the Create Record action
  - Same result
- Checking that user and group are both being populated with sys_ids that exist
  - Both sys_ids exist and are being passed to the action and I can see that both ids exist in the instance.
- Checking business rules on the sys_user_grmember table with setAbortAction
  - None of them have this method
- Checking Data Policies on the sys_user_grmember table
  - None exist
- Confirming that the user is not already a member in the group
  - They're not. On top of this, the first thing the flow does is a lookup check that ends the flow if the user is already a member.
Not sure what else to try.
06-11-2025 11:02 AM
I was able to find a workaround. Adding it here for future reference.
The crux of the issue was the flow trying to add users to a group with roles from a scoped app. This app had "Application administration" turned on in the app's settings. This means that granting roles to others must be done by a user with the app's admin role; or if the role has another role in its "Assignable by" field, then the user granting the role must have that role.
ISSUE: In Flow designer when you set "Run as" to System, the flow is actually run with the global admin role. Docs and forums say that the system bypasses ACLs, but that doesn't seem to be the case in Flow designer (global admin doesn't bypass all ACLs). It also doesn't pass up the "prohibited by security rules" error when I was running it as System: hence the "null" error I was getting.
I confirmed this by adding the scoped admin role under the global admin, and the flow added the group member record just fine.
However, it isn't best practice to add an application admin role to the global admin role: KB0957390
WORKAROUND: Use the "Assignable by" field in the roles that the group contains.
Don't put the app's admin role because you can't choose any admin roles within a Flow's "Run with role(s)". This includes scoped application admin roles.
You also can't choose the role itself as it prevents cyclical references.
Choose a role that makes sense and put that in the "Assignable by" field, then run the flow as "User who initiates the session", and put that same role in the "Run with role(s)" in the Flow's properties. Afterwards, the flow can grant membership to groups with the scoped roles.
The following links were helpful
- Not able to add users to a group which contains scoped application roles
- Administrators unable to remove or add roles in scoped applications
- Unable to insert record in group member table through flow designer
and thanks to @Ankur Bawiskar and @Muhammad Salar for responding.
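The rule described in the accepted answer above, modelled as a pre-flight check over a group's roles (an added example, not part of the thread and not ServiceNow code). The object shapes, the property names `appAdminEnabled`, `adminRole` and `assignableBy`, and the `x_demo_app` records are constructed for illustration; the logic follows the poster's description of the behaviour.

```javascript
// Constructed sample data: one scoped app with "Application administration" on.
const apps = {
  x_demo_app: { appAdminEnabled: true, adminRole: 'x_demo_app.admin' },
};
const roles = {
  'x_demo_app.user': { app: 'x_demo_app', assignableBy: null },
  'x_demo_app.approver': { app: 'x_demo_app', assignableBy: 'x_demo_app.group_manager' },
  itil: { app: null, assignableBy: null }, // global role, no app restriction
};

// Role the granter must hold to grant `roleName`, or null if unrestricted.
function requiredGranterRole(roleName, roles, apps) {
  const role = roles[roleName];
  const app = role && role.app ? apps[role.app] : null;
  if (!app || !app.appAdminEnabled) return null;
  // "Assignable by" takes the place of the app's admin role when it is set.
  return role.assignableBy || app.adminRole;
}

// Report every role in the group that the flow's effective roles cannot grant.
function preflight(groupRoles, runWithRoles, roles, apps) {
  const adminRoles = new Set(['admin', ...Object.values(apps).map((a) => a.adminRole)]);
  const held = new Set(runWithRoles);
  const findings = [];
  for (const name of groupRoles) {
    const needed = requiredGranterRole(name, roles, apps);
    if (needed === null || held.has(needed)) continue;
    findings.push({
      role: name,
      needs: needed,
      // Admin roles cannot be chosen in "Run with role(s)", so the fix differs.
      fix: adminRoles.has(needed)
        ? 'set "Assignable by" on this role to a non-admin role'
        : 'add the needed role to the flow\'s "Run with role(s)"',
    });
  }
  return findings;
}

const groupRoles = ['x_demo_app.user', 'x_demo_app.approver', 'itil'];
// "Run as: System" behaves like global admin in the poster's testing.
console.log(preflight(groupRoles, ['admin'], roles, apps));
// Workaround state for one role: flow runs with the "Assignable by" role.
console.log(preflight(groupRoles, ['x_demo_app.group_manager'], roles, apps));
```

An empty result means no role in the group should block the insert into sys_user_grmember under this model; each finding names the role that would trigger the silent "null" failure and which side of the workaround applies.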
06-10-2025 08:41 AM
No issues in creating record on my side. Try to create record manually in table with same user and group and see if you are able to insert it
06-10-2025 10:04 AM
Good idea for the sanity check - I was able to insert both using a script and manually. The flow fails on the Create Record / Create or Update Record action.
06-10-2025 10:06 AM
A little more context - it seems the flow only fails when it is run as system. Not sure why this is the case as I thought there were no security restrictions. However - the "Start FlowDesigner Flow" on the sc_req_item table that actually triggers the Process Engine makes it so the flow is always run as system when submitting a catalog item. Trying to find a workaround for this currently.
06-10-2025 12:01 PM
Hello, well try these things now
1. From pill, get catalog variables -> user -> sysid

OR

2. set by script in create action

    var grpUser = fd_data._1__get_catalog_variables.user.getValue().toString();
    return grpUser;