CRUD action/step action fails with "The requested flow operation was prohibited by security rules." - Known Error

CRUD action/step action fails with "The requested flow operation was prohibited by security rules." Description "Update Record" action fails with "The requested flow operation was prohibited by security rules." error when trying to update a Problem Task record as an ITIL user. Same user can update the record outside of the flow (workflow and form). And this happens only when the "Run As" is set to "User who initiates session" (No issues seen when Run As 'system').

Steps to Reproduce

Issue is reproducible in Madrid Patch 8, New York and Orlando release.

Create a Flow Designer on "Problem Task" table with Created/Updated trigger. Add "Ask For Approval" action and request approval from "ITIL user". Add IF logic with condition as Approval state from step 2 is Approved Add "Update Record" action as 3.1 and update the trigger record (problem task) state to Closed. Create a Problem task record. Impersonate the ITIL user and Approve the approval. Result : You will notice an error at step 3 saying "The requested flow operation was prohibited by security rules.".

Workaround This is expected behavior. ACLs are preventing the user action.

The solution is:

Change flow Run-As property to Run-As System Review ACLs that are preventing access and either update them or provide roles to users triggering the flow Related Problem: PRB1377917