Hi Flow Peoples,
We found that if you forward an approval email another user can click on the approve button and the flow will still trigger and pick up the original recipients credentials to process the approval.
i know this might not happen much, but it has happened in testing an app we've built for a client.
Is there a known workaround to recognise the actual user who clicks the Approve button in the email so we can validate the person clicking the button? We've tried Get My Profile - but this registers the recipient of the approval email as the person clicking the button - not the user who did.. so running out of options other than proposing we dont use the approval email method.
Thanks for reporting this.
There is an old thread talking about the same issue:
Looping @telu for this issue.
This is not a very good option from a security perspective. is there a way to find out who the approver is in case it is forwarded to someone else? Or block all forwards?
Fill out a quick form to claim your user group badge now!
We've given our badges an overhaul and also added some brand new ones!
Learn how to build the business apps that you need.
Find out where you can attend!
Watch & learn from the Power Automate Community Video Gallery!