
Extra security for shared workflows: Limit use of shared credentials

Problem

At the moment there is an obvious security gap in the shared workflows:

- User A creates a flow which sends an email

- User A shares this workflow with user B

- User B adds a "Get Emails" action, and sets it to use User A's connection (through clicking on the "..." button on this new action)

- User B then sends these emails to themself or otherwise gets access to the info in User A's mailbox

 

User B could also send emails on behalf of User A, although the email obviously comes from Flow, so this is not as damaging as it could be.

 

Proposed Solution

My proposal would be to allow users to edit a specific connection in a flow (or globally) to indicate that it should not be usable by other users of shared flows for NEW actions, but only be allowed in actions where it was already added by the connection owner.

 

That would at least plug the gap where a write-only action was used in a flow (like sending an email) and then another user maliciously adds a read action and gains access to information that they shouldn't have.

 

It is also necessary to have logging data for changes to Flows so that this scenario can be investigated after the fact. The Flow edits should be logged in the Office365 audit log.

 

Status: New
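
The check proposed in the post above, sketched as an added example (not part of the original post and not Microsoft's code): compare two revisions of a shared flow and flag every action the editor added or re-pointed that runs on a connection owned by someone else. The revision format, connection names, and function names are constructed for illustration and are not the real Flow definition schema; flagging an in-place operation change goes slightly beyond the post's "new actions" case.

```python
# Added example: simplified, constructed data model (not the real Flow definition schema).
from typing import Dict, List, NamedTuple

Action = Dict[str, str]        # {"operation": ..., "connection": ...}
Revision = Dict[str, Action]   # action name -> Action


class Finding(NamedTuple):
    action: str
    operation: str
    connection: str
    owner: str
    reason: str


def borrowed_connection_findings(before: Revision, after: Revision, editor: str,
                                 owners: Dict[str, str]) -> List[Finding]:
    """Flag actions the editor added or re-pointed that run on someone else's connection."""
    findings = []
    for name, action in sorted(after.items()):
        conn = action["connection"]
        owner = owners.get(conn, "unknown")  # unknown owner is treated as foreign (fail closed)
        if owner == editor:
            continue  # editors may freely use their own connections
        old = before.get(name)
        if old is None:
            reason = "new action"
        elif old["connection"] != conn:
            reason = "connection changed"
        elif old["operation"] != action["operation"]:
            reason = "operation changed"
        else:
            continue  # binding unchanged since the previous revision; allowed under the proposal
        findings.append(Finding(name, action["operation"], conn, owner, reason))
    return findings


# Constructed sample: User A's flow sends mail; User B adds a read action on A's connection.
OWNERS = {"conn-mail-userA": "userA", "conn-mail-userB": "userB"}
REV1 = {"Send_an_email": {"operation": "SendEmail", "connection": "conn-mail-userA"}}
REV2 = {
    "Send_an_email": {"operation": "SendEmail", "connection": "conn-mail-userA"},
    "Get_emails": {"operation": "GetEmails", "connection": "conn-mail-userA"},
    "Forward": {"operation": "SendEmail", "connection": "conn-mail-userB"},
}

if __name__ == "__main__":
    for f in borrowed_connection_findings(REV1, REV2, "userB", OWNERS):
        print(f"{f.action}: {f.operation} on {f.connection} (owner {f.owner}): {f.reason}")
```

The same comparison could block the save when enforced at edit time, or produce audit findings when run over logged flow revisions after the fact.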