Currently I have a small Canvas app used for managing leave requests. Users submit requests, their manager is notified and if approved the request is posted to the leave calendar. I am using SharePoint as my data source, and have locked it down as much as possible, and for event posting only managers have the ability to write to the Calendar.
My question is, with the ability to use an elevated account as the run as connection for a flow, is it inadvisable to instead have users trigger a flow on submit that edits the relevant SharePoint lists and Calendar while only giving read only permissions to the users? There are a lot of reasons that I am considering this route, but wanted to know if there are any tradeoffs or limitations to consider. I already use 2 flows in the app to export data and render PDF documents in the app.
Can explain more if needed, thanks!