Hi Flow Peoples,
We found that if you forward an approval email another user can click on the approve button and the flow will still trigger and pick up the original recipients credentials to process the approval.
i know this might not happen much, but it has happened in testing an app we've built for a client.
Is there a known workaround to recognise the actual user who clicks the Approve button in the email so we can validate the person clicking the button? We've tried Get My Profile - but this registers the recipient of the approval email as the person clicking the button - not the user who did.. so running out of options other than proposing we dont use the approval email method.
Thanks for reporting this.
There is an old thread talking about the same issue:
Looping @telu for this issue.
This is not a very good option from a security perspective. is there a way to find out who the approver is in case it is forwarded to someone else? Or block all forwards?
The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.
Announcing a new way to share your feedback with the Power Automate Team.
Learn to digitize and optimize business processes and connect all your applications to share data in real time.
The Super User program for 2022- Season 2 has kicked off!