Hi,

I investigated the issue you mentioned. It appears you're attempting to execute a Workflow using the Workflow command. This requires either External Access or Full Access, as it does not work with Internal Access.

If you're encountering the issue even after granting Full Access, it could be due to one of the following reasons:

1. There may be a cascade Workflow involved that hasn't been granted the necessary access.
2. The newly created user may not have the necessary permissions to execute the REST endpoint

Thank you for your answer, but I do not think any of the reasons apply.

Ad 1.: I am certain no other workflows cascade from this.

Ad 2.: I double checked the basic users indeed has the basic permission set with the workflow.

This is my workflow (it is not actually useful, just a test):

(SalesContractHandling projection is normally not accessible to basic user)

To dispel any doubts around triggering the workflow from a Workflow command, I switched to this trigger (again, not actually useful, just something I can easily trigger for test purposes):

And here is the grant on our basic user permission set (with full access to make sure):

User who normally has access to the projection can trigger and execute the workflow without issue. User with our basic permission set still gets the error. I can’t be entirely sure it is the exact error I wrote about in my original post (FndProjectionGrant.SRV_NOT_ACCESS) because I get that from rerunning the workflow for inspection from the observed run, but it certainly is some 403-unauthorized error.

Any other ideas would be greatly appreciated :)

Hi,

By design, Workflow Level Permission Sets are only supported in Production Mode. If the workflow is running in Troubleshoot Mode, it should return an error that you mentioned (FndProjectionGrant.SRV_NOT_ACCESS) .This is the expected behavior for Workflow Level Permission Sets. We will mention this in Techdoc and update it.

Yes, I get that, but even when the basic viewer triggers the workflow the “correct way” - via the projection action, the workflow triggers but runs into an error.

*basic USER not viewer, sorry

Hi,

If you do not have permission to trigger the Projection Action or execute the workflow, the following error message should be returned in Production Mode.

Therefore, it would be great if you could share the error message along with relevant screenshots.

Additionally, I’d like to know how permissions are granted to users. Are they assigned individually or through a group?
We’ve already identified and resolved an issue related to Group-based permission grants, and the fix will be available in the next release.
However, if permissions are granted individually, everything should work as expected.
In our environments, we haven’t observed any issues when triggering workflow via read projection action while using individual grants.

I see, permission sets are indeed granted via user groups. I will try again later with a direct grant of the workflow to the user and let you know. Thank you!

The error message is exactly what you shared.