Impact area
Security
Severity
Medium
Affected element
Flows
Rule ID
SN-0432
Impact
Adding flow roles gives a user-initiated flow access to data it would not otherwise have. If a role with admin privileges is included in the “run_with_roles” list, the flow will have access to all the data in the instance, which could cause data leaks and unintended consequences.
Remediation
Remove the role with admin privileges from the “run_with_roles” list. If necessary, create an ad-hoc role with the minimum set of permissions to run the flow, and use that instead.
Time to fix
40 min