Error in Flow: The requested flow operation was prohibited by security rules

Issue

A catalog item designed to create vendor records in the core_company table fails with the error 'The requested flow operation was prohibited by security rules' when users submit requests. The error occurs due to insufficient permissions for the flow execution or users to write to the core_company table.

Release

All

Cause

1. The flow lacked sufficient permissions to write to the core_company table due to missing vendor_manager role assignments.
2. The System User, which uses the user_admin role by default, did not include the vendor_manager role required by the core_company ACL.

Resolution

Problem Analysis

To create records in the core_company table, the vendor_manager role is required as established by the core_company ACL. Currently, there are two possible solutions to allow a flow to create these records:

Option 1: Assign Permissions to Each User

This option involves assigning the vendor_manager role to each user who needs to execute the flow. However, this approach presents significant disadvantages:

- Security Issues: By granting the vendor_manager role to multiple users, they could create records in core_company directly from the interface, without needing to execute the controlled flow.
- ACL Conflicts: If conflicting ACLs exist, it might be necessary to assign multiple additional roles, increasing security risks.
- Complex Maintenance: Each time a new user needs to execute the flow, role assignment must be managed.

Option 2: Execute the Flow as System User (Recommended Solution)

This solution consists of:

- Configuring the flow to run as System User: This allows the flow to operate with elevated privileges, regardless of which user initiates it.
- Adding the vendor_manager role to the user_admin role: Since the System User uses the user_admin role, it's necessary to ensure this role has the permissions needed to create records in core_company.

Advantages of this solution:

- Enhanced Security: Individual users don't need direct permissions to create records in core_company.
- Consistency: The flow will always execute with the same permissions, regardless of who initiates it.
- Simplified Maintenance: No need to manage individual permissions for each user.
- Process Control: Records can only be created through the controlled flow, not directly by users.

Technical Explanation

The core_company ACL controls who can create records in the core_company table. This ACL specifically requires the vendor_manager role. When a flow runs as System User, it uses the user_admin role by default. However, this role doesn't automatically include the permissions of the vendor_manager role. Therefore, it's necessary to add the vendor_manager role to the user_admin role so that the System User can create records in core_company.

Important Considerations

- It's likely that the core_company ACL is customized or has been modified from its original configuration (OOTB - Out Of The Box).
- The System User with the user_admin role doesn't have the vendor_manager role by default, which explains why it's necessary to add it explicitly.
- This solution follows the principle of least privilege, as only the controlled flow has the ability to create these records, not individual users.

Conclusion

The proposed solution of running the flow as System User and adding the vendor_manager role to the user_admin role is the most secure and efficient option to allow the creation of records in the core_company table. This approach maintains the integrity of the permission system while providing the necessary functionality.

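The role check discussed above, as a simplified model added here for illustration (not part of the original article and not ServiceNow API code): it resolves contained roles transitively and compares who can create core_company rows under each option. The user names, the account_admin holder of user_admin, and all function names are constructed assumptions.

```javascript
// Simplified model of role containment and a create ACL.
// All data below is constructed for illustration; nothing here calls a real instance.

// Expand directly assigned roles through containment (role -> roles it contains).
function expandRoles(direct, contains) {
  const seen = new Set();
  const stack = [...direct];
  while (stack.length) {
    const role = stack.pop();
    if (seen.has(role)) continue; // guards against containment cycles
    seen.add(role);
    for (const child of contains[role] || []) stack.push(child);
  }
  return seen;
}

// An identity passes the ACL if any required role is among its effective roles.
function canCreate(identity, acl, contains) {
  const effective = expandRoles(identity.roles, contains);
  return acl.requiredRoles.some((r) => effective.has(r));
}

// Names of users who could create rows directly, outside the flow.
function directWriters(users, acl, contains) {
  return users.filter((u) => canCreate(u, acl, contains)).map((u) => u.name).sort();
}

// Per the article: the core_company create ACL requires vendor_manager.
const acl = { table: 'core_company', operation: 'create', requiredRoles: ['vendor_manager'] };
// Per the article: the System User uses the user_admin role.
const systemUser = { name: 'system', roles: ['user_admin'] };
// Constructed users: two requesters and one existing holder of user_admin.
const users = [
  { name: 'requester_a', roles: [] },
  { name: 'requester_b', roles: [] },
  { name: 'account_admin', roles: ['user_admin'] },
];

function summarize() {
  const noContainment = {};                               // state that produces the error
  const option2 = { user_admin: ['vendor_manager'] };     // role added to user_admin
  const option1Users = users.map((u) =>                   // role granted to each requester
    u.name.startsWith('requester_') ? { ...u, roles: [...u.roles, 'vendor_manager'] } : u);
  return {
    flowBefore: canCreate(systemUser, acl, noContainment),
    flowOption2: canCreate(systemUser, acl, option2),
    directOption1: directWriters(option1Users, acl, noContainment),
    directOption2: directWriters(users, acl, option2),
  };
}

console.log(summarize());
```

In the Option 2 result, the flow can create the record and the requesters cannot write directly, but any account that already holds user_admin inherits vendor_manager as well, so review who holds user_admin before adding the role to it.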