Showing results for 
Search instead for 
Did you mean: 
Impactful Individual
Impactful Individual

Be careful with apps using flows and shared connections

I feel this needs to be highlighted on this forum as well as the flow forum as this can create big security issues, please see below link

Community Support
Community Support

Hi @Delid4ve,


When sharing Flow, if you are sharing from the Flow web site, then the only option to share the flow with other users is to give the user owner permission on this flow, which means that all the connections inclued in this flow would login using your account.



With this scenario, the default login account should be yours. But he can change the login account to his own in his Flow site.


Default login account is Mona, but user can change it to his own(Aye)



But with Flow button trigger, you can restrict flow to only use your authentication, or require users to use their own connections. 



For more information about this, please refer to:




Community Support Team _ Mona Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

This doesnt address my concern at all.


Look at it this way:

If i create a powerapp that saves all the data to SQL server first (user automatically uses 'My Connection' in the flow)

Then create another flow which is triggered by the first flow to do all my required tasks

The tasks will all be handled by the chosen 'My Connection' (ie:sharepoint,Outlook,Onedrive)


However, if i dont do it this way the user has to have permissions for all the connections.

This completely defies a security model designed to restrict access to users and is a HUGE oversight by MS.

Can you have somebody from your security team look at this as this 'By Design' is completely wrong.

Its not complex, if powerapps has no input directly in the flow it uses 'My Connection', otherwise it uses the users connection, this is wrong.


The Flow is also NOT directly shared with the user, and again, we shouldnt have to do this as the only way is to give them owner permissions which would mean they can edit it!!!!  And we are NOT talking about Buttons here, this is documented that you can change which accounts to use.

Helpful resources

New Badges

New Solution Badges!

Check out our new profile badges recognizing authored solutions!

New Power Super Users


We are excited to announce the Power Apps Super Users!

Power Apps Community Call

Power Apps Community Call: February

Did you miss the call? Check out the Power Apps Community Call here.

Microsoft Ignite

Microsoft Ignite

Join digitally, March 2–4, 2021 to explore new tech that's ready to implement. Experience the keynote in mixed reality through AltspaceVR!

Top Solution Authors
Top Kudoed Authors
Users online (40,041)