After moving a user from the "Symantec Administrators" group to one with less permissions the 'Send automation policy e-mail' task fails to run with the newly restricted permissions of that group.

User '<USER>' doesn't have permission to run this task 'Send automation policy e-mail'



There is a schedule trigger associated to an account. This is a hidden Item and may need to be changed by making modifications within SQL if updating the policy schedule does not update this attribute. The fact that this does not change the owner when the schedule is changed is resolved in version 8.0. The current workaround is to change the owner in 'SecurityEntity' via SQL script.

There are two workarounds to address this issue:

1. Modify the schedule of the Automation Policy with a member of the "Symantec Administrators" group; then 'Save changes'.
2. Perform a backup of the Symantec_CMDB and run the following SQL query with AppID, Class, and broken user GUIDs inserted:
   1. ​
      update SecurityEntity
set OwnerGuid = '<GUID>'--AppID Guid
where Guid - '<CLASS GUID>'
and OwnerGuid = '<Broken User GUID>'