After moving a user from the "Symantec Administrators" group to one with less permissions the 'Send automation policy e-mail' task fails to run with the newly restricted permissions of that group.
User '<USER>' doesn't have permission to run this task 'Send automation policy e-mail'
There is a schedule trigger associated to an account. This is a hidden Item and may need to be changed by making modifications within SQL if updating the policy schedule does not update this attribute. The fact that this does not change the owner when the schedule is changed is resolved in version 8.0. The current workaround is to change the owner in 'SecurityEntity' via SQL script.
There are two workarounds to address this issue:
update SecurityEntity
set OwnerGuid = '<GUID>'--AppID Guid
where Guid - '<CLASS GUID>'
and OwnerGuid = '<Broken User GUID>'