THE REQUESTED FLOW OPERATION WAS PROHIBITED BY SECURITY RULES

nandini29
Tera Expert

Hi,

When the flow executes, it fails at the Create Catalog Task step with the error: "The requested flow operation was prohibited by security rules."

The flow is configured to run as the System User, and the affected user has both the itil and catalog roles.

I came across a few articles suggesting that the catalog_admin role may need to be added to the sc_item_variables_task ACL. However, I am unsure if that is the root cause in this case because we have several other flows that use the same Create Catalog Task action and they are executing successfully without any issues.

Could you please help me understand why this particular flow is encountering the error while similar flows are working as expected? Also, could you suggest the appropriate troubleshooting steps or a possible solution?

Thanks,
Nandini

2 REPLIES

Ankur Bawiskar
Tera Patron

@nandini29 

If the flow is configured to Run as System User, then this error should not come up.

Is it coming all the time or only sometimes?

Is it coming only for this flow for this item, or for all the flows?

What if the approver has admin? Does it create the task?

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader

Tanushree Maiti
Tera Patron

Hi @nandini29

1. Ensure your flow is run as System User, not as User who initiates session.

 -> Change the value from User who initiates session to System User.

If, for a business requirement, you need to run the flow as User who initiates session, follow the KB to create an ACL.

2. Refer to KB: KB0870023 Flow Designer Create Task fails due to security rules


Cause

The user needs permission to run the flow.

Resolution

To create a sc_task record, ensure the flow runs with roles itil and catalog_admin. 

If running the flow still fails, check that the catalog item used has any catalog variables. If so, set additional permissions.

In the following error message, notice the addVariableToTask reference:

Flow Designer: Operationxxx.Create Catalog Task) failed with error: com.snc.process_flow.exception.OpException: The requested flow operation was prohibited by security rules.
at com.snc.process_flow.operation.SetCatalogVariablesOperationBase.addVariableToTask(SetCatalogVariablesOperationBase.java:47)
at com.snc.process_flow.operation.SetCatalogVariablesOperationBase.setCatalogVariables(SetCatalogVariablesOperationBase.java:37)

For this to work, write access is required on the sc_item_variables_task table. There is currently no access control list (ACL) to do this, which means this only works if you have admin permissions.  

To resolve this error:

  1. Create an ACL for catalog_admin.
  2. Give write access to sc_item_variables_task.

Preferred fix: Run the flow in system context or with a dedicated service account so catalog variable writes don't require custom ACL changes.

Caution: Avoid creating broad write ACLs. If ACLs are required, scope them minimally to sc_item_variables_task with strict conditions (least privilege) and test in a sub-production environment first.

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
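
An added example, not part of the original posts and not ServiceNow code: a small Node.js script that applies the KB's reasoning to an error text, reading the top stack frame to tell whether the denial was raised while writing catalog variables (sc_item_variables_task) or elsewhere. The function names, result labels and sample strings are constructed for illustration; treating every other trace as a roles or Run As question is an assumption.

```javascript
// Added example: triage a Flow Designer "prohibited by security rules" error.
// The guidance strings restate the KB text quoted in this thread.
const SECURITY_MSG = 'The requested flow operation was prohibited by security rules';

// Parse "at pkg.Class.method(File.java:NN)" frames out of the error text.
function parseFrames(errorText) {
  const frameRe = /^\s*at\s+([\w.$]+)\.([\w$<>]+)\(([^:()]+):(\d+)\)\s*$/;
  return errorText.split(/\r?\n/)
    .map((line) => frameRe.exec(line))
    .filter(Boolean)
    .map(([, cls, method, file, line]) => ({ cls, method, file, line: Number(line) }));
}

function triage(errorText) {
  if (!errorText.includes(SECURITY_MSG)) {
    return { kind: 'not_security_rule', table: null, check: 'Not the error discussed here.' };
  }
  // Only the top frame shows where the denial was raised; deeper frames are callers.
  const top = parseFrames(errorText)[0];
  if (top && top.method === 'addVariableToTask') {
    return {
      kind: 'variable_write_denied',
      table: 'sc_item_variables_task',
      check: 'Item has catalog variables: run as System User, or add a narrowly scoped write ACL.',
    };
  }
  // Assumption: any other trace falls back to the KB's first check (roles and Run As).
  return {
    kind: 'roles_or_run_as',
    table: 'sc_task',
    check: 'Confirm the Run As setting; a user-context flow needs itil and catalog_admin.',
  };
}

// Constructed samples: the first mirrors the trace quoted above, the second has no frames.
const withVariables = [
  'Flow Designer: Operation failed with error: com.snc.process_flow.exception.OpException: ' + SECURITY_MSG + '.',
  'at com.snc.process_flow.operation.SetCatalogVariablesOperationBase.addVariableToTask(SetCatalogVariablesOperationBase.java:47)',
  'at com.snc.process_flow.operation.SetCatalogVariablesOperationBase.setCatalogVariables(SetCatalogVariablesOperationBase.java:37)',
].join('\n');
const noFrames = 'Flow Designer: Operation failed with error: ' + SECURITY_MSG + '.';

for (const sample of [withVariables, noFrames]) {
  const r = triage(sample);
  console.log(`${r.kind} -> ${r.table}: ${r.check}`);
}
```

Run against the execution details of a failing and a working flow, this makes the difference visible: only catalog items that carry variables reach the addVariableToTask write.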