web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Possible vulnerability...
Power Apps
Unanswered

Possible vulnerability in granting consent for the Office365Groups connector

(1) ShareShare
ReportReport
Posted on by Hernan Ramirez 21
Any maker has the ability to use the Office365Groups connector in their applications. If a malicious maker places the script I show in the image, the maker can grant himself permissions to the same groups where the end user is the owner.
I don't see that there is a way to control the use of these connector actions by DLP. Does anyone have any suggestions?
The security department of the company I work for is very concerned because this breaks down any security that the entraID can provide us.
The script shows how in the OnStart of an application, a maker can silently add members deliberately to the groups where the end user is the owner.
 
Categories:
Building Power Apps
I have the same question (0)
  • ANB Profile Picture
    ANB 7,250 Super User 2026 Season 1 on at
    Hi @Hernan Ramirez, I hope I understood your question correctly:
     
    You can restrict the connectors: Please check:
     
     

    Please click Does this answer your question if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it a Like.


    Thanks,
    ANB
  • Hernan Ramirez Profile Picture
    Hernan Ramirez 21 on at
    Hi @ANB, thank you very much for answering.
     
    These options are not available for this connector:
     
    Regards,
    Hernan
     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the January Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 101 Most Valuable Professional

#2
Haque Profile Picture

Haque 81

#3
VASANTH KUMAR BALMADI Profile Picture

VASANTH KUMAR BALMADI 70

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans