Forum Discussion
Flow Outlook Approvals - what happens when the email is forwarded?
Hey Folks,
This could be a known limitation, so apologies in advance!
We have a PowerApp in SharePoint with a Flow for Approvals. We noticed today that if you are using the Outlook Approval Email template in Flow - if the person sent the original approval email message forwards that message to someone with the same contribution rights as the original approver, then they can also approve the item.
I would have thought that there would be some magic security in play to recognise the user clicking the Approve button in the email body.
So if this is a known issue - does anyone have any thoughts around how you could edit the flow to check on the user clicking the approve button in the approval email and comparing against a connected value to match the original approver?
I'm not 100% but I dont think there is a current user option to compare against - so will look maybe to see if I can edit at the SharePoint end and compare user modifying against assigned approver (column).
Anyways - any thoughts around this would be awesome!
Rich
soo to update...
Adding a Get my Profile action in flow after the send approval email and before check email action 'approve / reject' still picks me up as the user... even when another user clicks the Approve button from a message I have forwarded to them.. and then sharepoint shows that I was the person who updated the item - not the other user either... so running out of ideas... maybe just enable a DLP rule to prevent forwards of approval type emails?
update - moving away from Outlook Approvals to Modern Approvals as these do validate the user who takes the action.
What is modern approvals? How is it different then the Approval functions in flow?
Richard Burdes wrote:update - moving away from Outlook Approvals to Modern Approvals as these do validate the user who takes the action.
