We all know that, out of the box, Microsoft decided NOT to implement item-level permissions within InfoPath Forms Libraries, and the same goes for Document Libraries. However, if you venture into a standard SharePoint List and navigate to Settings / Advanced Settings, you will notice that you can easily configure item-level permissions and specify which items users can read and edit, as per the below screen capture.
We all know the primary use of InfoPath, right? The ability to create fancy forms that can be easily submitted and stored in a Forms Library for easy retrieval. In our organization, there are a number of InfoPath forms that are required to be accessible by only the authors and the reviewers once a form has been submitted, so how do we go about securing these forms?

Before we delve into the solution, here is some background on the permissions required for InfoPath forms. As a minimum, users are required to have contributor rights to a form library in order for them to submit or save a form. By having contributor rights, they inadvertently inherit read rights as well, and are provided with the opportunity to view all submitted InfoPath forms within the respective library.

Let’s take two common forms used in most organizations, the humble leave and expense forms. These are two particular forms where you would only want the author and reviewer to have access after they have been submitted to the library.
Luckily, we can easily achieve this via SharePoint Designer Workflows and a neat little CodePlex extension provided by Paul Kotlyar called SPDActivities, which you can download here. This solution extends the available activities within SharePoint Designer 2007. These are listed as follows:
- Send Email with HTTP File attachment – Allows sending emails with attachments retrieved using a web request
- Send Email with List Item attachments – Allows sending list item attachments as files attached to an email
- Start Another Workflow – Starts another workflow associated with a list item
- Grant Permission on Item – Allows granting of specified permission level on a specified item
- Delete List Item Permission Assignment – Allows deleting of specified permission level assignment for a given user
- Reset List Permissions Inheritance – removes any unique permissions assigned to an item by inheriting list permissions
- Is User a member of a SharePoint group – Checks if a given user is part of given SharePoint group
- Is Role assigned to User – Checks if a user role is already assigned on the current list item
- Lookup user info – Allows looking up properties in the site’s user information list for a given login
- Copy List Item Extended Activity – Allows copying/moving list items and files cross site.
- Send Email Extended – Enhanced version of the OOTB activity. Allows you to specify the sender. Also does not break links in body.
The two that we will be utilising to ultimately provide us with the ability to set item-level permissions upon submitting a form are:
- Delete List Item Permission Assignment
- Grant Permission on Item
After installing the solution on your SharePoint Farm, launch SharePoint Designer and browse to the site where the Form Library in question exists and select File / New / Workflow.
Enter a name for the Workflow, select your SharePoint Forms Library and select “Automatically start this workflow when a new item is created”.
Click Next.
We now need to set our Actions. The first set of actions will be to delete any inherited permissions that are no longer required, notably any viewer and contributor rights. We do so by selecting “Delete List Item Permission Assignment” under Actions.
We then click on the “this item” hyperlink and select “Current Item”.
We next click on the “this user” hyperlink and select the SharePoint Group(s) that no longer require access to the entire library. We repeat this process until all the unnecessary permissions are removed.
Next we select Actions and utilise the “Grant Permission on Item” activity.
We next click on the “this level” hyperlink and type in one of the available permissions:
- Full Control
- Design
- Contribute
- Read
In this example, I will type in Contribute, and then click on the “this item” hyperlink and select “Current Item”. Lastly, I will click on the “this user” hyperlink and select “Workflow Lookup…” / Current Item / Created By.
This will allow the author of the form to have contributor access only to the items they create. You can then repeat the above process to potentially add a “Reviewers” group to have the same access.
If we now navigate to the Forms Library in question and locate a form item that has been submitted under the new workflow, we will notice the correct permissions being applied.
In the below example, the Author Sarah has contribute permission, and I have two other specific groups also being assigned the necessary permissions based on the business process.
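To check this across the whole library rather than one item at a time, the following audit script is an added example (it is not from the original post or from SPDActivities). It assumes PowerShell 2.0 or later running on a farm server with the WSS 3.0 object model; the site URL, library title and reviewer group name are placeholders to replace with your own.

```powershell
# Added audit example: flags submitted forms whose permissions do not match the workflow's intent.
# Assumptions (placeholders, not from the original post): site URL, library title, allowed group names.
param(
    [string]$SiteUrl = "http://sharepoint.example.local/sites/hr",
    [string]$LibraryTitle = "Leave Forms",
    [string[]]$AllowedPrincipals = @("Reviewers")
)

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
$web  = $site.OpenWeb()
try {
    $list = $web.Lists[$LibraryTitle]
    foreach ($item in $list.Items) {
        # "Created By" is stored in the Author field as "ID;#Name"
        $authorValue = New-Object Microsoft.SharePoint.SPFieldUserValue($web, [string]$item["Author"])
        $author = $authorValue.User
        $findings = @()
        if (-not $item.HasUniqueRoleAssignments) {
            # The workflow never ran or failed, so every contributor can still read this form
            $findings += "still inherits library permissions"
        } else {
            foreach ($ra in $item.RoleAssignments) {
                $isAuthor  = ($author -ne $null) -and ($ra.Member.ID -eq $author.ID)
                $isAllowed = $AllowedPrincipals -contains $ra.Member.Name
                if (-not ($isAuthor -or $isAllowed)) {
                    $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
                    $findings += "unexpected principal '$($ra.Member.Name)' holds: $roles"
                }
            }
        }
        foreach ($f in $findings) {
            New-Object PSObject -Property @{ Item = $item.Url; Finding = $f }
        }
    }
}
finally {
    # SPWeb and SPSite hold unmanaged resources and must be disposed explicitly
    $web.Dispose()
    $site.Dispose()
}
```

An empty result means every item has unique permissions limited to its author and the allowed groups. Items reported as still inheriting are the ones to look at first, since the workflow only starts after the item has been created.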
In summary, it is definitely possible to provide item level permissions to your submitted InfoPath forms without the need of code. If you know of another method of providing the above, don’t hesitate to share your ideas via the comments below.
I’ve installed the WSP, and I see the new options when I open up SP Designer 2007 to create a new workflow… but when I select one of the actions provided by the WSP, nothing happens. 🙁
It’s so awesome to find a simple remedy to a serious issue. Thanks for sharing!