Getting "Access denied to create new email" in Flow Designer since upgrading to Vancouver

stacybentley
Tera Guru

Hi,

We are receiving "Access denied to create new email" on a flow. This started since we upgraded to Vancouver. It happens if we run as System user or run as a User who initiates session.

The error disappears if we add the admin role to the User who initiates session. I have tried adding the individual roles that get added with admin but that did not work so it is pointing to a new ACL.

There are over 3,200 new ACLs that were added in the upgrade and none of them are for sys_email or sys_attachment.

Can anyone suggest a place to start please?

Thank you,

Stacy

1 ACCEPTED SOLUTION

stacybentley
Tera Guru

As per this doc: https://docs.servicenow.com/bundle/vancouver-build-workflows/page/administer/flow-designer/reference..., which outlines using the send email action, it emphasizes making sure the user you're operating as has the permissions to send email.

Then, as per this doc: https://docs.servicenow.com/bundle/tokyo-servicenow-platform/page/integrate/inbound-rest/task/grant-..., this one outlines the ACLs used to grant users the ability to send email.

We did the following:

  • A new ACL to handle email record.create operations. Users with the role email_api_send are permitted to create email records in the sys_email table.
  • Modified our existing sys_email.* ACL to also permit users with the system role email_api_send to access all email fields.
  • Note that the role email_api_send is a built-in role, meant to control the permission to send email.

4 REPLIES 4

SanjivMeher
Kilo Patron

Can you check the run-as user in the flow designer? Also check the thread below in case it is related to this:
https://www.servicenow.com/community/developer-forum/flow-designer-access-denied-to-create-new-email...

Jake39
Tera Contributor

Going off of what stacybentley shared, I found that only creating a new sys_email 'Create' ACL with no role restrictions was enough to fix this issue when I experienced it.

As referenced in PRB1344152, I would not recommend opening up the sys_email table with a non-restricted ACL.

In my opinion, flow send email actions should only be used with admin-only use cases.
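As an added example that is not part of the original thread: a small audit that lists the active ACLs on sys_email and flags any with no role, condition or script, which is the difference between the role-gated ACL in the accepted solution and the unrestricted one cautioned against above. The row shape (flattened exports of sys_security_acl and sys_security_acl_role with role names resolved) and all sample sys_id values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows (not from a real instance). Assumed shape: flattened
# exports of sys_security_acl and sys_security_acl_role, role names resolved.
ACLS = [
    {"sys_id": "acl1", "name": "sys_email", "operation": "create",
     "active": "true", "condition": "", "script": ""},
    {"sys_id": "acl2", "name": "sys_email.*", "operation": "read",
     "active": "true", "condition": "", "script": ""},
    {"sys_id": "acl3", "name": "sys_email", "operation": "create",
     "active": "true", "condition": "", "script": ""},
    {"sys_id": "acl4", "name": "sys_email", "operation": "delete",
     "active": "false", "condition": "", "script": ""},
    {"sys_id": "acl5", "name": "incident", "operation": "create",
     "active": "true", "condition": "", "script": ""},
]
ACL_ROLES = [
    {"sys_security_acl": "acl1", "sys_user_role": "email_api_send"},
    {"sys_security_acl": "acl2", "sys_user_role": "email_api_send"},
]

def audit_table_acls(acls, acl_roles, table="sys_email"):
    """Return one finding per active ACL on `table` or its fields."""
    roles = defaultdict(set)
    for link in acl_roles:
        roles[link["sys_security_acl"]].add(link["sys_user_role"])
    findings = []
    for acl in acls:
        name = acl["name"]
        if name != table and not name.startswith(table + "."):
            continue  # ACL belongs to another table
        if acl.get("active") != "true":
            continue  # inactive ACLs are not evaluated
        required = roles.get(acl["sys_id"], set())
        findings.append({
            "sys_id": acl["sys_id"], "name": name,
            "operation": acl["operation"], "roles": sorted(required),
            # No role, condition or script: nothing limits who passes.
            "unrestricted": not (required or acl["condition"] or acl["script"]),
        })
    return findings

def unrestricted(findings):
    """sys_ids of ACLs that carry no restriction at all."""
    return [f["sys_id"] for f in findings if f["unrestricted"]]

if __name__ == "__main__":
    for finding in audit_table_acls(ACLS, ACL_ROLES):
        print(finding)
```
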