Cloud provisioning check failed if you implemented Group Approval workflow and the group does not have permission defined in Cloud Management PermissionsDescriptionWhen designing the approval policy for Cloud Provisioning, it is likely that customer will implement 2 approval levels. First approval is user, and the second is group.If the group is not given the same permission in Cloud Management Permissions (sn_cmp_permission) as the submitter of the stack, provisioning would fail with below error:====Cloud Account permission check failed. User :*sys_id of submitter*does not have execution permission on cloud account *name of the cloud account*.====This is misleading as the submitter has the proper permission.This is caused by validation logic on Cloud Account is performed on user that approved the request on group level instead of the original submitter.Steps to Reproduce Create any cloud catalog.2. Create custom workflow with 2 level of approvals (user and then group).3. Define a policy on the cloud catalog to use the custom workflow in step 2.4. In Cloud Management Permissions, add "execute" permission on Cloud Account [cmdb_ci_cmp_cloud_account] only for the user's group of submitter.5. Make sure that submitter and group's approver belong to different user groups.6. Provision the stack and follow the approval process accordingly.7. Observe the error message stating that submitter does not have execution permission on cloud account.WorkaroundThis problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this article to be notified when more information becomes available. As temporary solution: create new entry in Cloud Management Permissions (sn_cmp_permission) for approver's group to have the same entry as user's group (the submitter of the cloud stack).Related Problem: PRB1551499