I have an approval flow in an environment that worked twice and then started giving trouble.
The flow itself is fine, but I sent the approval to a user (my environment admin account created the approval request through the flow), which the user approved and rejected twice while testing - but now when they try and approve/reject the request they get the following error in Outlook and/or approvals portal:
Encountered a general permissions error trying to access the CDS database. This could be caused by modification of the approvals administrator or user roles, or by an incompatible plugin. Detailed message: 'Message: Principal user (Id=..., type=8, roleCount=1, privilegeCount=94, accessMode=4), is missing prvReadAsyncOperation privilege (Id=...) on OTC=4700 for entity 'asyncoperation'. context.Caller=...
I tried deleting and recreating Approvals connectors both for the requestor and responder - same result.
I then created a different flow in the environment as the user - initially it complained when I added the Approvals connector and clicked the down arrow to render the options for Approvals, saying;
Could not retrieve values. The caller with object id ... does not have permission for connection ...'shared-approvals under Api 'shared_approvals'.
so I went back into Default environment and created an approval flow with no issues - options rendered fine - when I can back to this environment and tried again it rendered the Approval connector options fine (!?). I then set the approval to send the same user account that created the approval an approval request. Flow saved and ran fine - Same general permissions error on responding to the request.
Reading up on the error I've seen varying degrees of responses, but nothing has changed in the security setup for the environment (privilege or role based, user or non-interactive based) so I'm loathe to go poking around the CDS permissions - also, as I've said, the flow itself is fine, it's the action of responding to the flow as the responding user that is throwing the error, both in Outlook and in the flow approval actions portal.
Any ideas or suggestions welcome!
Hi @Anonymous ,
It looks like something went wrong with the User-role permissions; have you modified the Approvals User role from the Security Roles setting, the impacted User seems to be missing read privileges on the Async Operation entity. Maybe we want to start from there...
Hope is not too late, but this worked for me.