We have a flow in our org that accesses a few custom objects (create,update). These objects are not accessible to most profiles, and when those profiles try to run the flow it fails since they don't have access to the object. Is it possible to have the flow run as a more privileged user or does that break the current SF security model?
Best Answer
You can call an Apex plug-in from the flow: http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_process_plugin_using.htm
You could run this plug-in without sharing to allow the user to insert/update objects that they do not have access to. Write the plug-in to accept as input all parameters needed to perform the inserts and updates. Then in the apex plug-in you can insert or update records based on your requirements and return the object IDs or errors that returned from your DML operations.
I believe this is the only solution that will keep a pretty tight lock on your security.