diff --git a/node/src/main/kotlin/net/corda/node/internal/security/RPCPermissionResolver.kt b/node/src/main/kotlin/net/corda/node/internal/security/RPCPermissionResolver.kt
index 6d42383d73..e166fca2af 100644
--- a/node/src/main/kotlin/net/corda/node/internal/security/RPCPermissionResolver.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/security/RPCPermissionResolver.kt
@@ -41,30 +41,34 @@ internal object RPCPermissionResolver : PermissionResolver { private const val ACTION_INVOKE_RPC = "invokerpc" private const val ACTION_ALL = "all" private val FLOW_RPC_CALLS = setOf( - "startFlowDynamic", - "startTrackedFlowDynamic", - "startFlow", - "startTrackedFlow") + "startFlowDynamic", + "startTrackedFlowDynamic", + "startFlowDynamicWithClientId", + "startFlow", + "startTrackedFlow", + "startFlowWithClientId" + ) + + private val FLOW_RPC_PERMITTED_START_FLOW_CALLS = setOf("startFlow", "startFlowDynamic") + private val FLOW_RPC_PERMITTED_TRACKED_START_FLOW_CALLS = setOf("startTrackedFlow", "startTrackedFlowDynamic") + private val FLOW_RPC_PERMITTED_START_FLOW_WITH_CLIENT_ID_CALLS = setOf("startFlowWithClientId", "startFlowDynamicWithClientId") override fun resolvePermission(representation: String): Permission { when (representation.substringBefore(SEPARATOR).toLowerCase()) { ACTION_INVOKE_RPC -> { val rpcCall = representation.substringAfter(SEPARATOR, "") - require(representation.count { it == SEPARATOR } == 1 && rpcCall.isNotEmpty()) { - "Malformed permission string" - } + require(representation.count { it == SEPARATOR } == 1 && rpcCall.isNotEmpty()) { "Malformed permission string" } val legacyPermitted = when (rpcCall) { - "startFlow" -> setOf("startFlowDynamic", rpcCall) - "startTrackedFlow" -> setOf("startTrackedFlowDynamic", rpcCall) + "startFlow" -> FLOW_RPC_PERMITTED_START_FLOW_CALLS + "startTrackedFlow" -> FLOW_RPC_PERMITTED_TRACKED_START_FLOW_CALLS + "startFlowWithClientId" -> FLOW_RPC_PERMITTED_START_FLOW_WITH_CLIENT_ID_CALLS else -> setOf(rpcCall) } return RPCPermission(legacyPermitted.toFullyQualified()) } ACTION_START_FLOW -> { val targetFlow = representation.substringAfter(SEPARATOR, "") - require(targetFlow.isNotEmpty()) { - "Missing target flow after StartFlow" - } + require(targetFlow.isNotEmpty()) { "Missing target flow after StartFlow" } return RPCPermission(FLOW_RPC_CALLS.toFullyQualified(), targetFlow) } ACTION_ALL -> {
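Review bot: Adding `startFlowWithClientId` and `startFlowDynamicWithClientId` to `FLOW_RPC_CALLS` widens every existing `StartFlow.<flow>` grant, because the `ACTION_START_FLOW` branch builds its permission from that whole set, and nothing in the hunk records that this is intended. A comment on the set would make the authorization consequence explicit, e.g. `// Every name here is granted by StartFlow.<flow>; adding one widens all existing StartFlow grants.` The three `FLOW_RPC_PERMITTED_*` sets likewise mean an `InvokeRpc.startFlowWithClientId` grant also authorizes the `Dynamic` variant; that deserves a one-line comment too, plus a resolver test for the new names if one is not elsewhere in the commit. resolvePermission's body continues past the end of the hunk.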