Yes, everyone says InfoPath is dead … but we’re all still supporting it for a while so I wanted to share one of my favorite tips. Forms often need role based security at the field level. Table below with example security matrix.
How can InfoPath detect that? Don’t some people query SOAP ASMX? Or even a custom WSP with a custom ASMX? There is a simpler way with List Item permission.
- Create a new Custom List named “SecurityLevel” with only the default “Title” column.
- Go create the needed SharePoint Groups under Site Permissions.
- Back in “SecurityLevel” add one new item for each SharePoint Group with an identical name. Hover that item, pull down the menu, and set Item Level Permissions for that group ONLY to have “Read” on that item only.
- With InfoPath Designer edit the XSN Form Template and create a new Data Connection to the list “SecurityLevel” with auto refresh.
- Under Form Load create a rule … if count(SecurityLevel [“Analyst”]) > 0 then set field “SecurityLevel=Analyst”.
- With that in place you are ready to apply formatting rules anywhere needed that use “SecurityLevel” to determine hide/show or read/write.
Now when a user open the InfoPath form, the data connection “SecurityLevel” will only show the items they have access to (which is the same as the SharePoint Group membership!). Works on MOSS 2007, SharePoint 2010, SharePoint 2013, and Office 365.
Hope this helps. Please leave a comment if it did.