Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Getting "Access denied to create new email" in Flow Designer since upgrading to Vancouver

Go to solution
stacybentley
Tera Guru

‎11-17-2023 12:12 PM

Hi,

 

We are receiving "Access denied to create new email" on a flow.  This started since we upgraded to Vancouver.  It happens if we run as System user or run as a User who initiates session. 

 

The error disappears if we add the admin role to the User who initiates session.  I have tried adding the individual roles that get added with admin but that did not work so it is pointing to a new ACL.

 

There are over 3,200 new ACLs that were added in the upgrade and none of them are for sys_email or sys_attachment. 

 

Can anyone suggest a place to start please?

 

Thank you,

Stacy

0 Helpfuls
  • 3,883 Views
1 ACCEPTED SOLUTION

Go to solution
stacybentley
Tera Guru

‎11-17-2023 01:25 PM

As per this doc: https://docs.servicenow.com/bundle/vancouver-build-workflows/page/administer/flow-designer/reference..., which outlines using the send email action, it emphasizes to make sure the user you're operating as, has the permissions to send email.

 

Then, as per this doc: https://docs.servicenow.com/bundle/tokyo-servicenow-platform/page/integrate/inbound-rest/task/grant-..., this one outlines the ACL's used to grant users the ability to send email.

 

We did the following:

  • A new ACL to handle email record.create operations. Users with the role email_api_send are permitted to create email records in the sys_email table.
  • Modified our existing sys_email.* ACL, to also permit users with the system role email_api_send to access all email fields.
  • Note that the role email_api_send is a built-in role, meant to control the permission to send email.

View solution in original post

4 REPLIES 4

Go to solution
SanjivMeher
Mega Patron
Mega Patron

‎11-17-2023 12:56 PM

Can you check the run as user in the flow designer? Also check below thread if it is something related to this
https://www.servicenow.com/community/developer-forum/flow-designer-access-denied-to-create-new-email...

 


Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls

Go to solution
stacybentley
Tera Guru

‎11-17-2023 01:25 PM

As per this doc: https://docs.servicenow.com/bundle/vancouver-build-workflows/page/administer/flow-designer/reference..., which outlines using the send email action, it emphasizes to make sure the user you're operating as, has the permissions to send email.

 

Then, as per this doc: https://docs.servicenow.com/bundle/tokyo-servicenow-platform/page/integrate/inbound-rest/task/grant-..., this one outlines the ACL's used to grant users the ability to send email.

 

We did the following:

  • A new ACL to handle email record.create operations. Users with the role email_api_send are permitted to create email records in the sys_email table.
  • Modified our existing sys_email.* ACL, to also permit users with the system role email_api_send to access all email fields.
  • Note that the role email_api_send is a built-in role, meant to control the permission to send email.

Go to solution
Jake39
Tera Contributor

‎04-22-2024 03:22 PM

Going off of what stacybentley shared, I found that only creating a new sys_email 'Create' ACL with no role restrictions was enough to fix this issue when I experienced it.

0 Helpfuls

Go to solution
patrickfedigan
ServiceNow Employee
ServiceNow Employee
In response to Jake39

‎08-15-2024 10:02 PM

As referenced in PRB1344152, I would not recommend to open up the sys_email table with a non-restricted ACL.

In my opinion, flow send email actions should only be used with admin only use cases.

0 Helpfuls