We’re experiencing a critical issue with our PO approval workflow in CloudSuite. After our IT team updated security roles last week to align with our new organizational structure, all purchase orders requiring department head approval are getting stuck.
The workflow was working perfectly before the role changes. Now orders sit at the department head approval step indefinitely. What’s puzzling is that we’re not seeing any workflow errors in the system logs - everything appears to be processing normally from a technical standpoint.
All POs are consistently stuck at the same approval step (department head level), regardless of amount or department. Our purchasing team has over 40 orders delayed, which is impacting vendor relationships and project timelines. The roles were updated to add new cost center responsibilities, but we thought we maintained all existing approval permissions.
Has anyone encountered workflow approval issues after role modifications? What should we check first?
Also verify the workflow step configuration itself. Go to Workflow Configuration and check if the department head approval step is still mapped to the correct role ID. If the role was recreated instead of modified, the workflow step might be pointing to the old role ID that no longer exists. This wouldn’t throw an error but would cause approvals to never reach anyone.
You’ll need to run the workflow cache refresh job. Navigate to System Administration > Scheduled Jobs > Workflow Engine Jobs and execute ‘Refresh Workflow Participant Cache’. This rebuilds the routing tables based on current role assignments. After running this, you may also need to manually reassign the stuck POs or use the bulk workflow reset utility to push them to the correct step. The cache refresh usually takes 15-30 minutes depending on your user base size.
Thanks both. I checked and the PO Approver permission is still there. However, looking at the workflow step configuration, I notice it references role IDs. Could the issue be that new role assignments weren’t synced to the workflow engine? How do we force a refresh?
Excellent resolution. Let me provide a complete solution framework for anyone encountering this issue after role updates.
The core problem occurs because CloudSuite’s workflow engine maintains a cached mapping between roles and user assignments for performance optimization. When roles are modified, especially through bulk updates or organizational restructuring, this cache doesn’t automatically invalidate.
Addressing the three key aspects of this issue:
Role Configuration Verification: First, confirm that the updated roles still contain the necessary workflow permissions. Navigate to Security Administration > Role Management and verify each department head role includes ‘Purchase Order Approver’ and ‘Workflow Participant’ permissions. Check both direct permissions and inherited permissions from parent roles. If roles were recreated rather than modified, you’ll need to reassign these permissions explicitly.
Workflow Step Mapping: Examine the workflow definition itself. In Workflow Configuration > Purchase Order Approval Process, verify that each approval step correctly references the current role IDs. If your role update involved creating new roles with different IDs, you must update these workflow step configurations to point to the new role IDs. This is critical because workflows reference roles by ID, not by name.
Cache Refresh and Recovery: Execute the ‘Refresh Workflow Participant Cache’ job from System Administration > Scheduled Jobs. This rebuilds the routing tables and resolves the stuck approvals. For the backlog of stuck orders, you have two options: wait for them to automatically route after cache refresh (usually happens within an hour), or use the Workflow Reset utility to immediately push them to the correct approval step. Monitor the workflow error logs during this process to catch any residual configuration issues.
Prevention: Implement a standard procedure for role updates that includes running the cache refresh job immediately after making role changes. Consider scheduling this job to run nightly during periods of organizational change. Also document your workflow-to-role mappings so future administrators understand the dependencies.
The fact that you saw no errors in logs is actually typical - the workflow engine doesn’t log an error when it can’t find eligible approvers; it simply leaves the workflow in a pending state. This is by design to prevent workflow failures during temporary role assignment gaps.
I’ve seen this exact scenario multiple times. When roles are updated, the workflow routing tables don’t always refresh automatically. Check if your department heads still have the ‘PO Approver’ permission explicitly assigned in their updated roles. Sometimes role inheritance gets broken during restructuring.