Paul Galvin's (old) SharePoint space [SharePoint

Just another WordPress.com site

Minimum Security Required For InfoPath Forms

I needed to meet a security requirement for an InfoPath form today.  In this business situation, a relatively small number of individuals are allowed to create a new InfoPath form and a much wider audience are allowed to edit it.  (This is new-hire on-boarding form used by Human Resources that launches a workflow).

To meet that objective, I created created two new permission levels ("create and update" and "update only"), broke inheritance for the form library and assigned permissions to a "create, update" user and a separate "update only" user.  The mechanics all worked, but it turned out to be a little more involving than I expected.  (If you feel a little shaky on SharePoint permissions, check out this blog post).  The required security configuration for the permission level was not the obvious set of granular permissions.  To create an update-only permission level for an InfoPath form, I did the following:

  1. Create a new permission level.
  2. Clear away all options.
  3. Selected only the following from "List permissions":
    • Edit Items
    • View Items
    • View Application Pages

Selecting these options allows a user to update a form, but not create it.

The trick was to enable the "View Application Pages".  There isn’t any verbage on the permission level that indicates that’s required for update-only InfoPath forms, but turns out it is.

Create-and-Update was even stranger.  I followed the same steps, 1 through 3 above.  I had to specifically add a "Site Permission" option: "Use client integration features".   Again, the description there does not make it seem like it ought to be required for an InfoPath form, but there it is.

</end>

Technorati Tags: ,
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: