At the moment there is an obvious security gap in the shared workflows:
- User A creates a flow which sends an email
- User A shares this workflow with user B
- User B adds a "Get Emails" action, and sets it to use User A's connection (through clicking on the "..." button on this new action)
- User B then sends these emails to themselves or otherwise gets access to the info in User A's mailbox
User B could also send emails on behalf of User A, although the email obviously comes from Flow, so this is not as damaging as it could be.
My proposal would be to allow users to edit a specific connection in a flow (or globally) to indicate that it should not be usable by other users of shared flows for NEW actions, but only be allowed in actions where it was already added by the connection owner.
That would at least plug the gap where a write-only action was used in a flow (like sending an email) and then another user maliciously adds a read action and gains access to information that they shouldn't have.
It is also necessary to have logging data for changes to Flows so that this scenario can be investigated after the fact. The Flow edits should be logged in the Office365 audit log.
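The following is an added example, not part of the original post and not Microsoft's Flow implementation: a small Python model of the proposed rule (a connection may only be attached to a new action by its owner unless the owner opts in) together with an in-memory stand-in for the audit log. The `Connection`, `Action`, `Flow` and `FlowService` names, the `usable_in_new_actions_by_others` flag and the user ids `userA`/`userB` are all assumptions chosen for the illustration; the scenario mirrors the steps listed above.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Connection:
    """A user's credential to a service (e.g. their mailbox). Hypothetical model."""
    id: str
    owner: str
    # Proposed per-connection setting: may other users of a shared flow
    # attach this connection to actions they add themselves?
    usable_in_new_actions_by_others: bool = False


@dataclass
class Action:
    id: str
    kind: str             # e.g. "SendEmail" (write-only) or "GetEmails" (read)
    connection_id: str
    added_by: str = ""    # recorded by the service when the action is added


@dataclass
class Flow:
    id: str
    owner: str
    shared_with: set = field(default_factory=set)
    actions: list = field(default_factory=list)


class ConnectionNotUsable(PermissionError):
    """Raised when a user tries to reuse someone else's connection in a new action."""


class FlowService:
    """Hypothetical flow editor enforcing the proposed connection rule."""

    def __init__(self, connections):
        self.connections = {c.id: c for c in connections}
        self.audit_log = []   # stand-in for the Office 365 audit log

    def _audit(self, actor, flow, operation, **details):
        # Every edit (allowed or denied) is recorded so it can be investigated later.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "flow": flow.id,
            "operation": operation,
            **details,
        })

    def share(self, flow, actor, with_user):
        if actor != flow.owner:
            raise PermissionError("only the flow owner can share it")
        flow.shared_with.add(with_user)
        self._audit(actor, flow, "ShareFlow", with_user=with_user)

    def add_action(self, flow, actor, action):
        if actor != flow.owner and actor not in flow.shared_with:
            raise PermissionError(f"{actor} cannot edit flow {flow.id}")
        conn = self.connections[action.connection_id]
        # The proposed rule: only the connection owner may attach the connection
        # to a NEW action, unless the owner explicitly allowed others to do so.
        if conn.owner != actor and not conn.usable_in_new_actions_by_others:
            self._audit(actor, flow, "AddActionDenied", action=action.kind,
                        connection=conn.id, connection_owner=conn.owner)
            raise ConnectionNotUsable(
                f"{actor} may not use {conn.id} (owned by {conn.owner}) in a new action")
        action.added_by = actor
        flow.actions.append(action)
        self._audit(actor, flow, "AddAction", action=action.kind, connection=conn.id)
        return action


def scenario():
    """Replays the steps from the post with the rule enforced (constructed data)."""
    svc = FlowService([Connection("conn-a", owner="userA"),
                       Connection("conn-b", owner="userB")])
    flow = Flow("flow-1", owner="userA")
    svc.add_action(flow, "userA", Action("a1", "SendEmail", "conn-a"))  # A's own action
    svc.share(flow, "userA", "userB")
    try:
        svc.add_action(flow, "userB", Action("a2", "GetEmails", "conn-a"))  # A's connection
        denied = False
    except ConnectionNotUsable:
        denied = True
    svc.add_action(flow, "userB", Action("a3", "GetEmails", "conn-b"))  # B's own connection
    return svc, flow, denied


if __name__ == "__main__":
    svc, flow, denied = scenario()
    print("B denied A's connection:", denied)
    for entry in svc.audit_log:
        print(entry)
```

The existing `SendEmail` action keeps working because the connection owner added it; the denied attempt shows up in the log as `AddActionDenied` with both the actor and the connection owner, which is the record an investigator would need after the fact.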