PowerlessUser
Frequent Visitor

Making an approval flow secure

I am relatively new to Flows and I am creating a simple approval flow following the outdated instructions found at https://docs.microsoft.com/en-us/power-automate/modern-approvals

This help document has you create a SharePoint list for your data which includes a boolean field called "Approved" to hold the approver's decision. When a user submits an item to the list, the flow sends an email with a link for the user to approve or deny the submission. If the approver approves, the flow sends a notification email and sets the SharePoint field "Approved" to true in the SharePoint list where the item was submitted. If the approver denies the request, the flow sends a notification email and sets the "Approved" field to false. This is pretty straightforward, but my question is: what about permissions? If a user has rights to submit an item to SharePoint to start the flow, then they would have rights to manually modify the decision the approver made after the flow completed. Hoping the users never figure out how to manually modify the SharePoint list is not an option. It does not seem like SharePoint supports column-level permissions.

The one solution my meager brain thought of for this problem was to have two lists. There would be a pending approval list accessible by the users where they would submit their items. Upon the approver completing the approval, the flow would copy the item from the pending list to a processed list which would not be accessible by the user. This solution would rely on the user context of the flow. In this case, would the flow run in the context of who created it (me), or of who started it (the user), or of who performed the approval action (the approver)?

Thanks for any help and if there is a more elegant solution, I would love to hear it.

2 REPLIES 2
js-dattics
Resolver I

Hi @PowerlessUser 

How do your users input new data in the list? Do they do it directly or via Power Apps or Forms?

According to your use case, I think they're creating new items within the list directly.

In your case, I would recommend either creating a Power App to create new items (with no editing capabilities) or collecting them via a Form and a flow; in both cases users won't be able to modify the list directly.

Your option to create two lists is also possible, but I prefer to never let users interact directly with lists.

Greetings from Colombia.

Thanks for the advice. In my case, the users were going to access the list directly with the built-in SharePoint form. I was trying to minimize the amount of complicated setup and rely on the built-in SP tools. I think using a Form and a flow to collect the data might work. Does the flow execute in the context of my user rights so that the list can be read-only or not accessible to normal users? Also, how do you handle the case where the user might need to modify the data after submission?
