Create Record Action throws "Error occured while inserting record: null"

mlopezrivera
Tera Expert

I'm building a process Engine flow that will add a user to a group when the RITM is approved. Every time the flow runs, it errors on the Create or Update Record Action with the following: 

{
    "Action Status": {
        "code": 1,
        "message": "Error occured while inserting record: null"
    }
}

I've tried:

  • Using the Create Record action
    • Same result
  • Checking that user and group are both being populated with sys_ids that exist
    • Both sys_ids exist and are being passed to the action and I can see that both ids exist in the instance.
  • Checking business rules on the sys_user_grmember table with setAbortAction
    • None of them have this method
  • Checking Data Policies on the sys_user_grmember table
    • None exist
  • Confirming that the user is not already a member in the group
    • They're not. On top of this, the first thing the flow does is a lookup check that ends the flow if the user is already a member.

Not sure what else to try.

1 ACCEPTED SOLUTION

mlopezrivera
Tera Expert

I was able to find a workaround. Adding it here for future reference.

 

The crux of the issue was the flow trying to add users to a group with roles from a scoped app. This app had "Application administration" turned on in the app's settings. This means that granting roles to others must be done by a user with the app's admin role; or if the role has another role in its "Assignable by" field, then the user granting the role must have that role.

ISSUE: In Flow designer when you set "Run as" to System, the flow is actually run with the global admin role. Docs and forums say that the system bypasses ACLs, but that doesn't seem to be the case in Flow designer (global admin doesn't bypass all ACLs). It also doesn't pass up the "prohibited by security rules" error when I was running it as System: hence the "null" error I was getting. 

I confirmed this by adding the scoped admin role under the global admin, and the flow added the group member record just fine.

However, it isn't best practice to add an application admin role to the global admin role: KB0957390

 

WORKAROUND: Use the "Assignable by" field in the roles that the group contains.

Don't put the app's admin role because you can't choose any admin roles within a Flow's "Run with role(s)". This includes scoped application admin roles. 

You also can't choose the role itself as it prevents cyclical references.

Choose a role that makes sense and put that in the "Assignable by" field, then run the flow as "User who initiates the session", and put that same role in the "Run with role(s)" in the Flow's properties. Afterwards, the flow can grant membership to groups with the scoped roles.

The following links were helpful

and thanks to @Ankur Bawiskar and @Muhammad Salar for responding.
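
The grant rule described in the accepted solution, modelled in plain JavaScript as a pre-flight check. This is an added example, not part of the original post and not ServiceNow code: it calls no platform API, and every role name and object field in it is a hypothetical, constructed value.

```javascript
// Model of the role-grant rule from the accepted solution above.
// Constructed sample data: roles that the target group contains.
// Field names (appAdminOn, appAdminRole, assignableBy) are hypothetical.
const ROLES = {
  'x_acme_app.user':   { appAdminOn: true,  appAdminRole: 'x_acme_app.admin', assignableBy: 'x_acme_app.granter' },
  'x_acme_app.viewer': { appAdminOn: true,  appAdminRole: 'x_acme_app.admin', assignableBy: null },
  'itil':              { appAdminOn: false, appAdminRole: null,               assignableBy: null },
};

// Returns the group roles that the identity running the flow may not grant.
// A non-empty result predicts the failed insert on sys_user_grmember.
function blockedRoles(groupRoles, runnerRoles, roles = ROLES) {
  const held = new Set(runnerRoles);
  return groupRoles.filter((name) => {
    const r = roles[name];
    if (!r) throw new Error(`unknown role: ${name}`);
    if (!r.appAdminOn) return false;             // app does not restrict grants
    if (held.has(r.appAdminRole)) return false;  // runner holds the app's admin role
    if (r.assignableBy && held.has(r.assignableBy)) return false;
    return true;                                 // global admin alone is not enough
  });
}

// Checks a candidate "Assignable by" value against the two limits in the post.
function validateAssignableBy(roleName, candidate, roles = ROLES) {
  const adminRoles = new Set(['admin']);
  for (const r of Object.values(roles)) {
    if (r.appAdminRole) adminRoles.add(r.appAdminRole);
  }
  const problems = [];
  if (candidate === roleName) {
    problems.push('cyclical reference: a role cannot be assignable by itself');
  }
  if (adminRoles.has(candidate)) {
    problems.push('admin roles cannot be selected in "Run with role(s)"');
  }
  return problems;
}

// "Run as System" (global admin only) versus the workaround role.
console.log(blockedRoles(['x_acme_app.user', 'itil'], ['admin']));
console.log(blockedRoles(['x_acme_app.user', 'itil'], ['x_acme_app.granter']));
```

The third case worth running is a group that also contains `x_acme_app.viewer`: it stays blocked until that role gets its own "Assignable by" value, since the rule is evaluated per role.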

 


9 REPLIES 9

Ankur Bawiskar
Tera Patron

@mlopezrivera 

Make your flow run as System User.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Sorry, forgot to mention that the flow is running as System User.


 

 

Muhammad Salar
Giga Sage

Hello,
Can the same user manually create a record in that table?
Is your run as field in flow properties set as "User who initiates the session"?

I've tried setting the run as property as system user, and as the user who initiates the session (with the user_admin role so I don't run into permissions). In both cases I get the same error.