D
David Remillard
In brief, there's an infopath form with 3 sections. After the originator
fills in the first section, that section becomes read only (via infopath
magic). then it goes to a manager for comment and filling out second section
which then becomes read only. finally, the form is returned to the
originator who fills in the last section.
The question is how to secure the data while it's in the forms library. My
client noticed that it's possible for a user to open the XML version of the
form in the form library and even modify the sections that are read only in
infopath. We can narrow the exposure with changing permissions on the item
level but when it gets back to the originator, they need to update and
therefore could open the XML again and change the first section (which is
supposed to be off limits after initial submission).
Any thoughts? Is this scenario something that you've had to deal with before?
fills in the first section, that section becomes read only (via infopath
magic). then it goes to a manager for comment and filling out second section
which then becomes read only. finally, the form is returned to the
originator who fills in the last section.
The question is how to secure the data while it's in the forms library. My
client noticed that it's possible for a user to open the XML version of the
form in the form library and even modify the sections that are read only in
infopath. We can narrow the exposure with changing permissions on the item
level but when it gets back to the originator, they need to update and
therefore could open the XML again and change the first section (which is
supposed to be off limits after initial submission).
Any thoughts? Is this scenario something that you've had to deal with before?