Let's POWER Automate

From no-code to low-code

Menu
  • Expressions
  • Filters
  • General
  • Application specific solutions
    • Dataverse
    • Excel
    • Forms
    • Planner
    • Outlook
    • SharePoint
    • Teams
  • Triggers
  • Resources
  • ABOUT ME
  • Get help with your flow
Menu

Set up permissions for manually started Power Automate flow

Posted on October 23, 2022October 23, 2022 by Tom

“I’d like to store approval history in another, read-only SP list, how should I set the permissions for such manually started Power Automate flow?”


Every action Power Automate flow does it does using an existing account in your organisation. There’s no “workflow” account, if it creates a SharePoint item, it’s created under that account. If it checks mailbox, it checks mailbox of that account, etc. Which can be good or bad.

Since it’s using a specific account it can do only the tasks that the account has permissions to do. If the account has permissions to delete a SP item, the flow will delete them. But if the user doesn’t have such permissions, the flow will fail – a potential problem when using manually started flows.

Permissions in manually started flows

Unlike automatically started flows where the account is always the same, in manually started flows you have a choice. The ‘Run only users’ settings allows you to define the flow connections – whose account should be used for the actions.

For every connection in the flow you can use either the connection of the user who started the flow, or a connection of the flow author.

Power Automate manually started permissions

Approval flow example

When you build for example an approval flow, you want to store also the approval history somewhere safe. Ideally in a location that users can’t edit, e.g. a separate SharePoint list with read-only permissions.

If you set the ‘Connections Used’ to ‘Provided by run-only user’, the flow will fail while creating the history entry. The users don’t have permissions to create the items and the flow can’t do it on their behalf.

If you on the other side set it to ‘Use this connection (…)’, all actions in the flow will be done under that account. If such flow sets the request status ‘In approval’, it’ll do so using the selected account instead of the user who started the flow. On the other side it can do all the actions that the account can do.

The last, and a bit confusing option is a combination. If you use different connections for the actions (even though they’re connecting to the same source), it’ll show the connection twice in the settings as seen on the image above.

That way you can keep some actions under the user account, while increasing the “permissions” for the ones the user wouldn’t be able to do otherwise.

Unfortunately I didn’t find any way to recognise which connections is which when sharing the flow – you’ll have to try it out.

Summary

When building a manually started Power Automate flow, you must consider also the permissions. If the flow uses the user account, it can use only the resources the user has access to. Once there’s a need to access some more restricted location you can’t use it anymore. For such actions enforce the use of another, fixed account with higher permissions.


Do you struggle with the various expressions, conditions, filters, or HTTP requests available in Power Automate?

I send one email per week with a summary of the new solutions, designed to help even non IT people to automate some of their repetitive tasks.

All subscribers have also access to resources like a SharePoint Filter Query cheat sheet or Date expressions cheat sheet.

Zero spam, unsubscribe anytime.

2 thoughts on “Set up permissions for manually started Power Automate flow”

  1. Vitss says:
    October 23, 2022 at 6:57 pm

    Is this a way to avoid premium licences for users who start a flow grom an app?

    Reply
    1. Tom says:
      October 31, 2022 at 6:42 pm

      Hello Vitss,
      I never used it in this way so I can’t tell you if that’ll work.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Do you know what to do, but not how to do it?

Get The Ultimate Power Automate expressions cheat sheet and translate your thoughts into flows with ease!


There's also the HTTP requests to SharePoint cheat sheet to help you overcome limitations of some standard actions!

Do you struggle with the various expressions, conditions, filters, or HTTP requests available in Power Automate?

I send one email per week with a summary of the new solutions, designed to help even non IT people to automate some of their repetitive tasks.

All subscribers have also access to resources like a SharePoint Filter Query cheat sheet or Date expressions cheat sheet.

Zero spam, unsubscribe anytime.

  • How to find Excel rows missing in SharePoint list (Power Automate)March 29, 2023
  • Check whether user exists in AAD with Power AutomateMarch 26, 2023
  • How to highlight whole SharePoint row based on calculated dateMarch 22, 2023
  • Why is your Power Automate flow running so slow?March 19, 2023
  • How to add multiple links to the Power Automate approval taskMarch 15, 2023

Power Automate blogs worth visiting

Damien Bird
Dennis (Expiscornovus)
Paul Murana

©2023 Let's POWER Automate | Theme by SuperbThemes