So something I noticed in Flows is that if you have a “Read Data” operation and provide an Id/PK that doesn’t exist, you get a permissions error rather than a “Not Found” error. I noticed it because I was trying to create a flow where I would receive a webhook trigger with the Id and then a “Read Data” operation. If the record wasn’t found, the operation would throw a “Permissions” error whereas it should throw a “not found” error of some sort.
Hi there, welcome to the community! 
Thanks for writing about this issue. This has actually been the standard behavior for a while now.
Personally, I believe it’s a security-minded decision - when a record isn’t found, Directus treats it as a permissions issue rather than exposing whether the record exists or not.
But if this is something you’d like to see changed, I’d highly recommend creating an issue in the GitHub repository. The team can discuss the implications and potential solutions there.