Hi,

I am building a flow that uses the CDS connector to access entities in the HR (onboard) domain.

The trigger for the flow is an HTTP Request 

How can I make sure that the connection to the data is "established" with the end-users credentials ?

And if this is not possible , how can I create a CDS "query" that filters the results based on an e-mail address or Office365 userid ?

Should the HTTP Request be made with certain cookies/tokens ?

Below a simplyfied version of the flow that shows the challenge.

The query (red arrow) here has a hard coded e-mail address.

We want the query to be dynamic, the field does not have to be emailPrimary, any user identification field should be fine.

My question is, should we treat Flow as a classic frontend application to a database. In other words the application can access all data and the responsibility to only get data for a particular user is within the Flow ?

If yes, than I can request in the input (HTTP trigger) of this flow to supply this e-mail address.

Downside is, we need to protect this endpoint because in this case anyone can call the HTTP Endpoint and supply any e-mail address.

If no, that would mean the Flow is executed with the end-user credentials. Which would mean the access control is handled by CDS itself. As a result I don't need a filter, assuming users will only access their own data.

But than my question is, how do I configure my Flow/HTTP Endpoint to have the caller authenticate her/him self ?