Hi,
Is it me or is the information related to app connection security outlined here blatantly wrong (or old)?
PowerApps and Flow ensure that your data is secure because they connect to external services on behalf of users. So only authorized users can access your data with authorization decisions based on the user’s identity. It’s impossible for a flow or app to perform an operation in a service for which the creator does not have permissions.
Even when users grant other users access to a flow or app, access to the data is not shared when sharing an app. Users must provide their own credentials to create their own non-shared connection to the data sources. Users can share their flows or apps with other authenticated users in their organizations, and each user provides their own credential to create their own (non-shared) connection to the data sources.
I agree this is the case for some connectors, but there are others to which the above definitely does not apply.
For example, the SharePoint connector does request the user of the app to login, however others apps (such as SQL Server or Twilio) only ask the user to trust the connection, after which the connection is made using the credentials set by the creator of the app.
Does anyone here know of an up-to-date article that explains the access management concept?
Cheers.
