Showing results for 
Search instead for 
Did you mean: 
Super User
Super User

Be careful with apps using flows and shared connections

I feel this needs to be highlighted on this forum as well as the flow forum as this can create big security issues, please see below link

Community Support Team
Community Support Team

Re: Be careful with apps using flows and shared connections

Hi @Delid4ve,


When sharing Flow, if you are sharing from the Flow web site, then the only option to share the flow with other users is to give the user owner permission on this flow, which means that all the connections inclued in this flow would login using your account.



With this scenario, the default login account should be yours. But he can change the login account to his own in his Flow site.


Default login account is Mona, but user can change it to his own(Aye)



But with Flow button trigger, you can restrict flow to only use your authentication, or require users to use their own connections. 



For more information about this, please refer to:




Community Support Team _ Mona Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Super User
Super User

Re: Be careful with apps using flows and shared connections

This doesnt address my concern at all.


Look at it this way:

If i create a powerapp that saves all the data to SQL server first (user automatically uses 'My Connection' in the flow)

Then create another flow which is triggered by the first flow to do all my required tasks

The tasks will all be handled by the chosen 'My Connection' (ie:sharepoint,Outlook,Onedrive)


However, if i dont do it this way the user has to have permissions for all the connections.

This completely defies a security model designed to restrict access to users and is a HUGE oversight by MS.

Can you have somebody from your security team look at this as this 'By Design' is completely wrong.

Its not complex, if powerapps has no input directly in the flow it uses 'My Connection', otherwise it uses the users connection, this is wrong.


The Flow is also NOT directly shared with the user, and again, we shouldnt have to do this as the only way is to give them owner permissions which would mean they can edit it!!!!  And we are NOT talking about Buttons here, this is documented that you can change which accounts to use.

Helpful resources


Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!


Power Platform World Tour

Find out where you can attend!

Power Platform 2019 release wave 2 plan

Power Platform 2019 release wave 2 plan

Features releasing from October 2019 through March 2020


Microsoft Learn

Learn how to build the business apps that you need.

Top Kudoed Authors
Users Online
Currently online: 176 members 5,043 guests
Recent signins:
Please welcome our newest community members: