Flow Designer Error – “The requested flow operation was prohibited by security rules” reoccurring

Hrithikah
Tera Contributor

Hi Team,

I’m facing an issue in Flow Designer related to the error:
“The requested flow operation was prohibited by security rules.”

Background:

  • We have a requirement to create requests via inbound email, and this setup is currently working.
  • Earlier, when users with snc_internal role attempted to create requests through email, the flow failed with the same security error.

Initial Fix Implemented:
To resolve it, we made the following changes:

  • Set the flow to Run As: User who initiates the session
  • Added catalog_admin role in the “Run with roles” property of the flow (gave role to flow itself)

After this:
All users were able to successfully raise requests via email

Current Issue:

  • The same error has started occurring again:
    “The requested flow operation was prohibited by security rules”
  • The flow is now intermittently failing / breaking even with the above configuration in place
  • Create record actions are working, but update record actions are failing within the flow
  • Also, when System User is selected under Run As, the “Run with roles” option is not visible, limiting our ability to control execution roles

Any insights or suggestions would be greatly appreciated. If anyone has encountered a similar issue or has recommendations, please share.

Tanushree Maiti
Tera Patron

Hi @Hrithikah

Check the target table's Write ACL (for updating a record).

Refer: KB0856507 Flow Designer fails when creating a record with Run As: System User

KB2904743 Why a Flow with Run as "System User" Fails to Add a User to Group That Provides 'admin' Ro...

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

Hi @Hrithikah

Check the KB: KB0870023 Flow Designer Create Task fails due to security rules

Resolution

To create a sc_task record, ensure the flow runs with roles itil and catalog_admin. 

If running the flow still fails, check that the catalog item used has any catalog variables. If so, set additional permissions.

In the following error message, notice the addVariableToTask reference:

Flow Designer: Operationxxx.Create Catalog Task) failed with error: com.snc.process_flow.exception.OpException: The requested flow operation was prohibited by security rules.
at com.snc.process_flow.operation.SetCatalogVariablesOperationBase.addVariableToTask(SetCatalogVariablesOperationBase.java:47)
at com.snc.process_flow.operation.SetCatalogVariablesOperationBase.setCatalogVariables(SetCatalogVariablesOperationBase.java:37)

For this to work, write access is required on the sc_item_variables_task table. There is currently no access control list (ACL) to do this, which means this only works if you have admin permissions.  

To resolve this error:

  1. Create an ACL for catalog_admin.
  2. Give write access to sc_item_variables_task.

Preferred fix: Run the flow in system context or with a dedicated service account so catalog variable writes don't require custom ACL changes.

Caution: Avoid creating broad write ACLs. If ACLs are required, scope them minimally to sc_item_variables_task with strict conditions (least privilege) and test in a sub-production environment first.

Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

Check this KB as well:

KB0861124 Resolve flow failures caused by security rules for the system user

Cause

A user record with sys_id = 'system' in the sys_user table is conflicting with the platform's internal system user. This custom record does not exist in a standard instance and causes the error.

Resolution

Delete the user record with sys_id = system and run the flow again.

Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
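
The two checks suggested in the replies above (write ACLs on sc_item_variables_task, and a sys_user record with sys_id = 'system'), written as a read-only background script. This is an added example, not code from the thread or from the ServiceNow KB articles; the function names are hypothetical, and the ACL table and field names (sys_security_acl, sys_security_acl_role, operation.name) are assumptions about the standard platform schema.

```javascript
// Read-only ServiceNow background script (global scope assumed); changes nothing.
// ACL table/field names are assumptions about the standard schema, not from the thread.

// Reply 3's check: is there a custom sys_user row whose sys_id is 'system'?
function findConflictingSystemUser() {
    var user = new GlideRecord('sys_user');
    // Two-argument get() matches on the named field only (here: sys_id).
    if (!user.get('sys_id', 'system')) { return null; }
    return { sys_id: user.getValue('sys_id'), user_name: user.getValue('user_name') };
}

// Reply 2's check: list active write ACLs on a table and the roles attached to each.
function listWriteAcls(tableName) {
    var found = [];
    var acl = new GlideRecord('sys_security_acl');
    acl.addQuery('name', 'STARTSWITH', tableName);
    acl.addQuery('operation.name', 'write');
    acl.addQuery('active', true);
    acl.query();
    while (acl.next()) {
        var name = acl.getValue('name');
        // STARTSWITH also matches longer table names; keep "table" and "table.field" only.
        if (name !== tableName && name.indexOf(tableName + '.') !== 0) { continue; }
        var roles = [];
        var link = new GlideRecord('sys_security_acl_role');
        link.addQuery('sys_security_acl', acl.getUniqueValue());
        link.query();
        while (link.next()) {
            roles.push(link.getDisplayValue('sys_user_role'));
        }
        found.push({ name: name, roles: roles });
    }
    return found;
}

function auditFlowSecurity() {
    return {
        conflictingSystemUser: findConflictingSystemUser(),
        writeAcls: listWriteAcls('sc_item_variables_task')
    };
}

// Only runs inside an instance, where the gs logging object exists.
if (typeof gs !== 'undefined') {
    gs.info(JSON.stringify(auditFlowSecurity(), null, 2));
}
```

An empty writeAcls list matches the KB's statement that no write ACL exists for the table, and any entry whose roles list is broader than expected is worth reviewing against the least-privilege caution in the reply.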