Making an approval flow secure

I am relatively new to Flows and I am creating a simple approval flow following the outdated instructions found at https://docs.microsoft.com/en-us/power-automate/modern-approvals

This help document has you create a SharePoint list for your data which includes a boolean field called "Approved" to hold the approver's decision. When a user submits an item to the list, the flow sends an email with a link for the user to approve or deny the submission. If the approver approves, the flow sends a notification email and sets the SharePoint field "Approved" to true in the SharePoint list where the item was submitted. If the approver denies the request, the flow sends a notification email and sets the "Approved" field to false. This is pretty straightforward but my question is what about permissions? If a user has rights to submit an item to SharePoint to start the flow, then they would have rights to manually modify the decision the approver made after the flow completed. Hoping the users never figure out how to manually modify the SharePoint list is not an option. It does not seem like SharePoint supports column level permissions.

The one solution my meager brain thought of for this problem was to have two lists. There would be a pending approval list accessible by the users where they would submit their items. Upon the approver completing the approval, the flow would copy the item from the pending list to a processed list which would not be accessible by the user. This solution would rely on the user context of the flow. In this case would the flow run in the context of who created it (me), or of who started it (the user), or of who performed the approval action (the approver)?

Thanks for any help and if there is a more elegant solution, I would love to hear it.
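
The two-list layout proposed above, sketched with PnP PowerShell as an added example that is not part of the original post: the processed list gets unique permissions so that people who can submit to the pending list hold no rights on it. The site URL, list title, account and group names are placeholders, and it is an assumption that the flow's SharePoint actions use a connection signed in as `$FlowAccount`.

```powershell
# Added example. All names below are placeholders or assumptions; none come from the thread.
$SiteUrl       = "https://contoso.sharepoint.com/sites/approvals"  # placeholder site
$ProcessedList = "Processed Requests"          # hypothetical title of the processed list
$FlowAccount   = "svc-approvals@contoso.com"   # assumed owner of the flow's SharePoint connection
$ApproverGroup = "Approvers"                   # hypothetical SharePoint group

# Sign-in parameters depend on your PnP.PowerShell version and tenant setup.
Connect-PnPOnline -Url $SiteUrl -Interactive

# Stop inheriting from the site. Without -CopyRoleAssignments the inherited
# assignments are not carried over, so site members who can submit to the
# pending list get nothing on this list.
Set-PnPList -Identity $ProcessedList -BreakRoleInheritance

# Only the flow's connection account may write; approvers may read.
Set-PnPListPermission -Identity $ProcessedList -User  $FlowAccount   -AddRole "Contribute"
Set-PnPListPermission -Identity $ProcessedList -Group $ApproverGroup -AddRole "Read"

# Check the result: the list must have unique permissions, then print every
# principal that still holds a role so unexpected entries stand out.
$list = Get-PnPList -Identity $ProcessedList -Includes HasUniqueRoleAssignments, RoleAssignments
if (-not $list.HasUniqueRoleAssignments) {
    throw "'$ProcessedList' still inherits permissions from the site."
}
foreach ($assignment in $list.RoleAssignments) {
    $member = Get-PnPProperty -ClientObject $assignment -Property Member
    $roles  = Get-PnPProperty -ClientObject $assignment -Property RoleDefinitionBindings
    "{0}: {1}" -f $member.LoginName, (($roles | ForEach-Object Name) -join ", ")
}
```

With this layout the "Approved" value a submitter can still edit on the pending list is no longer the record of the decision; the copy on the processed list is.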

2 REPLIES

Re: Making an approval flow secure

Hi @PowerlessUser 

How do your users input new data in the list? Do they do it directly or via Power Apps or Forms?

According to your use case, I think they're creating new items within the list directly.

In your case, I would recommend either creating a Power App to create new items (with no editing capabilities) or using a Form and a flow; in both cases users won't be able to modify the list directly.

Your option to create two lists is also possible, but I prefer to never let users interact directly with lists.

Greetings from Colombia.

Re: Making an approval flow secure

Thanks for the advice. In my case, the users were going to access the list directly with the built-in SharePoint form. I was trying to minimize the amount of complicated setup and rely on the built-in SP tools. I think using a Form and a flow to collect the data might work. Does the flow execute in the context of my user rights so that the list can be read-only or not accessible to normal users? Also, how do you handle the case where the user might need to modify the data after submission?
