Power Automate
Answered

Are there any security holes if we create an action inside a cloud flow using the Office 365 service account, which has full permission on the SharePoint site?


We have created a new cloud flow using a service account which has full permission on the SharePoint site (the service account is defined as the site collection admin). The flow does the following:

1) The user enters a new item inside a custom list >> defines the manager inside a field >> saves the form.

2) The flow runs automatically upon creating the item >> the flow breaks the item permissions and grants the creator read-only and the manager contribute.

So my question: can any user log in to Power Automate >> create a new flow >> reuse the connection created using the service account and modify the item, even if he only has read permission on it? Is this scenario possible? If the answer is yes, then how can we secure it? I am asking this because when I connected to the SharePoint list inside the cloud flow, the connection got added under the Connections tab, which means it can be reused by any user (in other words, any user can connect to SharePoint using the service account from a new cloud flow). Am I correct, and is my concern valid?

 

Thanks

  • Verified answer
    Pstork1, Most Valuable Professional (69,381)

    What kind of trigger does the flow use? If it's an automated trigger, then there is no way for a user to use the action configured with the service account other than in the context of that flow. So no, that's not a security loophole. That connection won't be reusable by the user in a new flow. When they try to reuse that connection, it will prompt them to use their own credentials or re-authenticate the service account.

  • johnjohn123 (3,514)

    @Pstork1 the trigger is "When an item is created/updated" inside SharePoint. Regards

  • Verified answer
    Pstork1, Most Valuable Professional (69,381)

    Then that action will run in the security context of the service account configured by the maker. But if anyone reuses that connection, it will require them to re-authenticate the connection to use it.
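
An added example, not part of the original thread: an admin-side check that lists every principal holding a role on the SharePoint connections created by the service account, so the behaviour described above can be confirmed for a given environment. The environment name and service account address are placeholders, and the output property names are assumed from the Microsoft.PowerApps.Administration.PowerShell module (confirm them with `Get-Member`).

```powershell
# Added example: audit role assignments on SharePoint connections owned by a service account.
# Needs the Microsoft.PowerApps.Administration.PowerShell module and a Power Platform admin sign-in.
param(
    [string]$EnvironmentName   = '<environment-name-placeholder>',   # placeholder, not from the thread
    [string]$ServiceAccountUpn = 'svc-flow@contoso.example'          # placeholder, not from the thread
)

Import-Module Microsoft.PowerApps.Administration.PowerShell -ErrorAction Stop
Add-PowerAppsAccount   # interactive admin sign-in

# All SharePoint connections in the environment that the service account created.
$connections = Get-AdminPowerAppConnection -EnvironmentName $EnvironmentName `
        -ConnectorName 'shared_sharepointonline' |
    Where-Object {
        $_.CreatedBy.userPrincipalName -eq $ServiceAccountUpn -or
        $_.CreatedBy.email -eq $ServiceAccountUpn
    }

if (-not $connections) {
    Write-Warning "No SharePoint connection created by $ServiceAccountUpn was found."
    return
}

# For each connection, list who holds a role on it and flag anyone other than the service account.
$findings = foreach ($conn in $connections) {
    $roles = Get-AdminPowerAppConnectionRoleAssignment -EnvironmentName $EnvironmentName `
        -ConnectorName $conn.ConnectorName -ConnectionName $conn.ConnectionName
    foreach ($role in $roles) {
        [pscustomobject]@{
            Connection     = $conn.DisplayName
            ConnectionName = $conn.ConnectionName
            Principal      = $role.PrincipalDisplayName
            PrincipalEmail = $role.PrincipalEmail
            PrincipalType  = $role.PrincipalType
            RoleType       = $role.RoleType
            Unexpected     = ($role.PrincipalEmail -ne $ServiceAccountUpn)
        }
    }
}

$findings | Sort-Object Unexpected -Descending | Format-Table -AutoSize

$extra = @($findings | Where-Object Unexpected)
if ($extra.Count -gt 0) {
    Write-Warning "$($extra.Count) role assignment(s) belong to a principal other than the service account; review them."
} else {
    Write-Output 'Only the service account holds a role on these connections.'
}
```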
