Item level permissions for InfoPath forms via SharePoint Designer Workflows

Posted by on Mar 23, 2010 in InfoPath, SharePoint, SharePoint 2007

We all know that out of the box, Microsoft decided NOT to implement item level permissions within InfoPath Forms Libraries and the same goes for Document Libraries, however if you venture into a standard SharePoint List and navigate to Settings / Advanced Settings,  you will notice that you can easily configure Item-level permissions and specify which items users can read and edit as per the below screen capture.

image thumb6 Item level permissions for InfoPath forms via SharePoint Designer Workflows sharepoint 2007 sharepoint infopath

We all know the primary use of InfoPath right? The ability to create fancy forms that can be easily submitted and stored in a Forms Library for easy retrieval.  In our organization, there are a number of InfoPath forms that are required to be accessible by only the authors and the reviewers once a form has been submitted, so how do we go about securing these forms?  Before we delve into the solution, here is some background on permissions required for InfoPath forms.  As a minimum, users are required to have contributor rights to a form library in order for them to submit or save a form.  By having contributor rights, they inadvertently inherit read rights as well, and are provided with the opportunity to view all submitted InfoPath forms within the respective library.  Let’s take two common forms used in most organizations, the humble leave and expense forms.  These are two particular forms where you would only want the author and reviewer to have access to these forms after they have been submitted in the library.

Luckily, we can easily achieve this via SharePoint Designer Workflows and a neat little codeplex extention provided Paul Kotlyar called SPDActivities which you can download here.  This solution extends the available activities within SharePoint Designer 2007.  These are listed as follows;

The two that we will be utilising to ultimately provide us with the ability to set item level permissions upon submitting a form are;

  • Delete List Item Permission Assignment and Grant Permission on Item.

After installing the solution on your SharePoint Farm, launch SharePoint Designer and browse to the site where the Form Library in question exists and select File / New / Workflow.

Enter a name for the Worfkflow, select your SharePoint Forms Library and select, “Automatically start this workflow when a new item is created.

image thumb7 Item level permissions for InfoPath forms via SharePoint Designer Workflows sharepoint 2007 sharepoint infopath

Click Next.

We now need to set our Actions.  The first set of actions will be to delete any permissions that are no longer required that are being inherited, notably any viewer and contributor rights.  We do so by selecting the “Delete List Item permission Assignment” under Action.

image thumb8 Item level permissions for InfoPath forms via SharePoint Designer Workflows sharepoint 2007 sharepoint infopath

We will click on “this item” hyperlink and select “Current Item”

image thumb9 Item level permissions for InfoPath forms via SharePoint Designer Workflows sharepoint 2007 sharepoint infopath

We next click on “this user” hyperlink and select the SharePoint Group(s) that no longer require access to the entire library.  We repeat this process until all the unnecessary permissions are removed.

Next we select Actions and utilise the “Grant Permission on Item” activity.

image thumb10 Item level permissions for InfoPath forms via SharePoint Designer Workflows sharepoint 2007 sharepoint infopath

We next click on “this level” hyperlink and type in one of the available permissions

Full Control
Design
Contribute
Read

In this example, I will type in Contribute, and then click on “this item” hyperlink and select “Current Item”.  Lastly, I will click on “this user” hyperlink and select,  “Workflow Lookup…” / Current Item / Created By.

image thumb11 Item level permissions for InfoPath forms via SharePoint Designer Workflows sharepoint 2007 sharepoint infopath

This will allow the author of the form to have contributor access only to the items they create.  You can then repeat the above process to potentially add a “Reviewers” group to have the same access.

If we now navigate to the Forms Library in Question and locate an form item that has been submitted under the new workflow we will notice the correct permissions being applied.

In the below example, the Author Sarah has contribute permission, and I have two other specific groups also being assigned the necessary permissions based on the business process.

image thumb12 Item level permissions for InfoPath forms via SharePoint Designer Workflows sharepoint 2007 sharepoint infopath

In summary, it is definitely possible to provide item level permissions to your submitted InfoPath forms without the need of code.  If you know of another method of providing the above, don’t hesitate to share your ideas via the comments below.

  • http://roadha.us/ haliphax

    I’ve installed the WSP, and I see the new options when I open up SP Designer 2007 to create a new workflow… but when I select one of the actions provided by the WSP, nothing happens. :(

  • http://martinherrer.tumblr.com/post/53897715697/sharepoint-has-become-the-centerpiece-of-many Declan Haley

    It’s so awesome to find an simple remedy to a serious issue. Thank for sharing!