Running Flow as an Administrator Account (Permissi...

BP-WS · ‎12-08-2022

Hello,

I currently have a flow, which connects to SharePoint online and generally works. However, when some users that trigger the flow - who do not have access to the appropriate SharePoint site - the flow is then failing with "Unauthorized Access Error ". I was hoping that I may be able to resolve this by using the "run only users" feature, but this option is not available for this flow.

Does anyone have any ideas of how I can run the flow with a specific user account each and every time (even the service account may do!), instead of using the respective users' permissions each time it's ran by a different user (and this therefore failing for some users who do not have permission to the SharePoint site)?

Thanks,
B

Pstork1 · ‎12-08-2022

That depends on the trigger being used. I suspect you are using a manual trigger, like for a selected item. If that is the case then the flow is running in the context of the user and there is no way to change that. Flows with automated triggers, like when an item is modified, will run in the context of the maker of the flow or whatever account they used on the connector. So the key is to make sure you use either a recurrence or automatic trigger.

-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

BP-WS · ‎12-09-2022

@Pstork1 , thank you very much for that response, very helpful.

I've discovered that the flow I'm trying to run with admin-level privileges (or a user with sufficient privileges), is triggered from a Power App. Do you therefore know what options I have in getting this flow to run as an admin, instead of the respective user that triggers the flow from using the Power App (eg. from pressing a button within the app)?

Thanks,

B

Pstork1 · ‎12-09-2022

As I mentioned. If the flow is triggered by a Power App then it will run in the security context of the user running the app. There is no way to change that or run it with elevated privileges. Your only real choice would be to use a list as an intermediary. Have a flow kicked off by the Power App that creates a record in a list. Then have the flow you need admin privileges for run using the When an item is created trigger. That flow will then run in the context of the maker.

-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

BP-WS · ‎12-09-2022

@Pstork1 ,

Thanks for that additional info. I did come across this guide in the meantime - which advised that if you use a "PowerApp (V2)" trigger, it will then enable you to use the "Run Only User" functionality?

Thanks,

B

Pstork1 · ‎12-09-2022

The run only user is a loophole that can be used to run the flow triggered by the power app using another user's security context. I had forgotten about that exception.

-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.