4408 [USERNAME] from 127.0.0.1:7 does not have rights to Start Process [PROJECTNAME][PROCESSNAME]
Client uses the SharePoint Members group and assign Workflow Start rights to a process. Inside the SharePoint Members Group they assigned the "All Users (Membership)"
Each user attempting to start the process receives the following error: 4408 [USERNAME] from 127.0.0.1:7 does not have rights to Start Process [PROJECTNAME][PROCESSNAME]
Upon investigation, the "All Users (Membership)" entry in the group is defined as "c:0!.s|forms:membership" and does not explicitly reference AAD/SP accounts. Because of this, there is no reference for Appit when it leverages the group to assign permissions to the specific AAD/SP users, so no permissions are being assigned
The client indicated that they worked around this permissions issue by searching for a group called "all" in the workflow context and added it to the workflow permissions. I have created a bug for investigation.