We have created a new Power Automate cloud flow using a service account which has full permission on the SharePoint site (the service account is defined as the site collection admin). The flow does the following:
1) The user enters a new item inside a custom list >> defines the manager inside a field >> saves the form.
2) The flow will run automatically upon creating the item >> and the flow will break the item permissions and grant the creator read-only and the manager contribute.
So my question: can the user log in to Power Automate >> create a new flow >> reuse the connection created using the service account and modify the item, even if the user only has read-only permission on it? Is this scenario possible? If the answer is yes, then how can we secure it? I am asking this because when I connected to the SharePoint list inside the cloud flow, the connection got added under the connection tab, which means it can be reused by any user (in other words, any user can connect to SharePoint using the service account and do whatever they want using a new cloud flow). Am I correct, and is my concern valid?