N
Nevercrashnow
Hi,
A few weeks ago I posted about the fact that to submit to a SharePoint form
library you had to have contributor level permissions. Thus you also had
permissions to open, edit, change, save and delete someone else's forms. Big
problem if employees are filling out dependent benefit forms etc.
I e-mailed a bunch of people, posted here, bought a boatload of books. None
of the books even touched on this fact. And yeah I bought dang near every
InfoPath 2007 development book. So I guess I was the only guy in the world
who had this challenge. Sorry for mini-rant.
Anyway I solved this without having to crack open visual studio, write event
handlers or other mess. Turns out on Codeplex a fellow posted some custom
SharePoint designer actions that you can use to break permission inheritance,
and then set permissions on the form on "new item added".
http://www.codeplex.com/SPDActivities/
So I was able to do the following:
Set the form libary to not inherit from site.
Starting perms on form libary:
Domain Users, Contribuite [or your SharePoint group]
Managers Group, Contribute
HR Group, Contribute
Then I made a workflow on new item added using the custom actions to do the
following to a submitted form:
1. Add created by - Read [so once submitted a user can't alter the form]
2. Add Managers as Read [or whateve you need in your case]
3. Add HR Group, Contributor
4. Remove permissions for Domain Users.
Net Effect: HR, Managers and the submitter can see the form. No one else
can see each other's forms. Deployed and used in production. Ta-da.
A few weeks ago I posted about the fact that to submit to a SharePoint form
library you had to have contributor level permissions. Thus you also had
permissions to open, edit, change, save and delete someone else's forms. Big
problem if employees are filling out dependent benefit forms etc.
I e-mailed a bunch of people, posted here, bought a boatload of books. None
of the books even touched on this fact. And yeah I bought dang near every
InfoPath 2007 development book. So I guess I was the only guy in the world
who had this challenge. Sorry for mini-rant.
Anyway I solved this without having to crack open visual studio, write event
handlers or other mess. Turns out on Codeplex a fellow posted some custom
SharePoint designer actions that you can use to break permission inheritance,
and then set permissions on the form on "new item added".
http://www.codeplex.com/SPDActivities/
So I was able to do the following:
Set the form libary to not inherit from site.
Starting perms on form libary:
Domain Users, Contribuite [or your SharePoint group]
Managers Group, Contribute
HR Group, Contribute
Then I made a workflow on new item added using the custom actions to do the
following to a submitted form:
1. Add created by - Read [so once submitted a user can't alter the form]
2. Add Managers as Read [or whateve you need in your case]
3. Add HR Group, Contributor
4. Remove permissions for Domain Users.
Net Effect: HR, Managers and the submitter can see the form. No one else
can see each other's forms. Deployed and used in production. Ta-da.