Similar issue where non-admin users get 403 when invoking actions was reported recently and got resolved. Fix should be available with 8.0.2
Meantime fell free to open a customer support request and will work on providing a hot fix for it.
Did not find the attached workflow so created my own. If you provide it I can try also with your test workflow to make sure it is the same use case.
For some reason I was not able to upload the attachment.
I already opened a ticket and got the confirmation that this is currently an issue.
If I receive any valuable feedback, I'll update the thread here
Further I found out, that this issue seems only to exist for string parameters.
If you pass a managed object, the action is called in a different way and it works.