When Scheduled Flows run they do not run in the context of the User who created the Flow, as that’s not considered desirable. Instead they use the special AutoProc User. You might run into this kind of permissions error:
I get an error that says “Profile does not have access to: copycollection”. I am system admin and have checked; my profile does have access to the copycollection apex. When I try the same thing in a Screen Flow it works. At a loss as to how proceed.
How to proceed? First, here are some resources that discuss the AutoProc User:
As shown in “Which Context Do Flows Run In?”, The AutoProc User runs in the System Context. Of that, the following is true:
A flow that runs in system context has permission to access and modify all data.
If the context depends on code, Apex uses the
with sharing and
without sharing keywords to specify whether to enforce org-wide default settings, role hierarchies, sharing rules, manual sharing, teams, and territories.
In the case of CopyCollection apex class in the example above, the developer chose to construct the action ‘With Sharing’:
That means that org-wide default settings are likely to dominate.
You can now use the Default Workflow User
Starting with flows saved as API version 53 or higher (Winter ’22), Scheduled Flows use the Default Workflow User, which can be set in Process Automation Settings in Setup, instead of AutoProc User. You can select a User account that has the access you want.
Addressing the Problem Via a Critical Update
You might be encountering this problem because your org is set to enforce explicit access to Apex Classes. Originally, there was not access control to Apex Classes in flows: if you could run the flow you could run the Apex Class. Subsequently, there was a period where orgs had to apply explicit access to new flows. After that, a determination was made that, no, we shouldn’t control access to apex classes that way but should use brand new per-flow access. So the apex-specific access control was shut off for new flows. however, to avoid breaking existing flows, orgs that have flows that use the explicit access have to enable a critical update.
So if you activate the critical update “Disable Rules for Enforcing Explicit Access to Apex Classes”, problems with Scheduled Flows and Actions may be resolved.
Assigning a Permission Set to the AutoProc User
It’s not currently possible to assign a permission set to AutoProc User in Setup, but it’s possible to do it in Developer Console. Follow the process described here, and you’ll end up with a permanent permission set that you can use to grant permissions to AutoProc User.
There’s a useful approach that requires a little Developer Console work.